// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`csharp for package 1`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var repository = new ecr.Repository(this, "Repository"); \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var repository = new ecr.Repository(stack, "Repo", new Struct { ImageScanOnPush = true }); \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. repository.OnImageScanCompleted("ImageScanComplete").AddTarget(...); \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. using Amazon.CDK.AWS.IAM; using Amazon.CDK.AWS.ECR; var user = new User(this, "User", new UserProps { ... }); AuthorizationToken.GrantRead(user); \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. using Amazon.CDK.AWS.IAM; using Amazon.CDK.AWS.ECR; var user = new User(this, "User", new UserProps { ... }); PublicGalleryAuthorizationToken.GrantRead(user); \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. new ecr.Repository(stack, "Repo", new Struct { ImageTagMutability = ecr.TagMutability.IMMUTABLE }); \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. repository.AddLifecycleRule(new Struct { TagPrefixList = new [] { "prod" }, MaxImageCount = 9999 }); repository.AddLifecycleRule(new Struct { MaxImageAge = cdk.Duration.Days(30) }); \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnPublicRepository(Construct Scope, string Id, CfnPublicRepositoryProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnPublicRepositoryProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Optional - *Type:* CfnPublicRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnPublicRepository.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnPublicRepository.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnPublicRepository.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | RepositoryCatalogData | object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | RepositoryPolicyText | object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | RepositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`RepositoryCatalogData\`Required \`\`\`csharp public object RepositoryCatalogData { get; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`RepositoryPolicyText\`Required \`\`\`csharp public object RepositoryPolicyText { get; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRegistryPolicy(Construct Scope, string Id, CfnRegistryPolicyProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnRegistryPolicyProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnRegistryPolicyProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRegistryPolicy.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRegistryPolicy.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRegistryPolicy.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrRegistryId | string | *No description.* | | PolicyText | object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrRegistryId\`Required \`\`\`csharp public string AttrRegistryId { get; } \`\`\` - *Type:* string --- ##### \`PolicyText\`Required \`\`\`csharp public object PolicyText { get; } \`\`\` - *Type:* object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnReplicationConfiguration(Construct Scope, string Id, CfnReplicationConfigurationProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnReplicationConfigurationProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnReplicationConfigurationProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnReplicationConfiguration.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnReplicationConfiguration.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnReplicationConfiguration.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrRegistryId | string | *No description.* | | ReplicationConfiguration | object | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrRegistryId\`Required \`\`\`csharp public string AttrRegistryId { get; } \`\`\` - *Type:* string --- ##### \`ReplicationConfiguration\`Required \`\`\`csharp public object ReplicationConfiguration { get; } \`\`\` - *Type:* object \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRepository(Construct Scope, string Id, CfnRepositoryProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnRepositoryProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Optional - *Type:* CfnRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRepository.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRepository.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRepository.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | AttrRepositoryUri | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::ECR::Repository.Tags\`. | | EncryptionConfiguration | object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | ImageScanningConfiguration | object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | RepositoryPolicyText | object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | ImageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | LifecyclePolicy | object | \`AWS::ECR::Repository.LifecyclePolicy\`. | | RepositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`AttrRepositoryUri\`Required \`\`\`csharp public string AttrRepositoryUri { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`EncryptionConfiguration\`Required \`\`\`csharp public object EncryptionConfiguration { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`ImageScanningConfiguration\`Required \`\`\`csharp public object ImageScanningConfiguration { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`RepositoryPolicyText\`Required \`\`\`csharp public object RepositoryPolicyText { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`ImageTagMutability\`Optional \`\`\`csharp public string ImageTagMutability { get; } \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`LifecyclePolicy\`Optional \`\`\`csharp public object LifecyclePolicy { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new Repository(Construct Scope, string Id, RepositoryProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | RepositoryProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Optional - *Type:* RepositoryProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddToResourcePolicy | Add a policy statement to the repository's resource policy. | | Grant | Grant the given principal identity permissions to perform the actions on this repository. | | GrantPull | Grant the given identity permissions to use the images in this repository. | | GrantPullPush | Grant the given identity permissions to pull and push images to this repository. | | OnCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | OnCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | OnEvent | Defines a CloudWatch event rule which triggers for repository events. | | OnImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | RepositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | RepositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | AddLifecycleRule | Add a life cycle rule to the repository. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddToResourcePolicy\` \`\`\`csharp private AddToResourcePolicyResult AddToResourcePolicy(PolicyStatement Statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`Statement\`Required - *Type:* Amazon.CDK.AWS.IAM.PolicyStatement --- ##### \`Grant\` \`\`\`csharp private Grant Grant(IGrantable Grantee, string Actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ###### \`Actions\`Required - *Type:* string --- ##### \`GrantPull\` \`\`\`csharp private Grant GrantPull(IGrantable Grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`GrantPullPush\` \`\`\`csharp private Grant GrantPullPush(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`OnCloudTrailEvent\` \`\`\`csharp private Rule OnCloudTrailEvent(string Id, OnEventOptions Options = null) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions Options for adding the rule. --- ##### \`OnCloudTrailImagePushed\` \`\`\`csharp private Rule OnCloudTrailImagePushed(string Id, OnCloudTrailImagePushedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`OnEvent\` \`\`\`csharp private Rule OnEvent(string Id, OnEventOptions Options = null) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions --- ##### \`OnImageScanCompleted\` \`\`\`csharp private Rule OnImageScanCompleted(string Id, OnImageScanCompletedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`RepositoryUriForDigest\` \`\`\`csharp private string RepositoryUriForDigest(string Digest = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`Digest\`Optional - *Type:* string Optional image digest. --- ##### \`RepositoryUriForTag\` \`\`\`csharp private string RepositoryUriForTag(string Tag = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`Tag\`Optional - *Type:* string Optional image tag. --- ##### \`AddLifecycleRule\` \`\`\`csharp private void AddLifecycleRule(LifecycleRule Rule) \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`Rule\`Required - *Type:* LifecycleRule --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | ArnForLocalRepository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | FromRepositoryArn | *No description.* | | FromRepositoryAttributes | Import a repository. | | FromRepositoryName | *No description.* | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- ##### \`ArnForLocalRepository\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.ArnForLocalRepository(string RepositoryName, IConstruct Scope, string Account = null); \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`RepositoryName\`Required - *Type:* string --- ###### \`Scope\`Required - *Type:* Constructs.IConstruct --- ###### \`Account\`Optional - *Type:* string --- ##### \`FromRepositoryArn\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.FromRepositoryArn(Construct Scope, string Id, string RepositoryArn); \`\`\` ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`RepositoryArn\`Required - *Type:* string --- ##### \`FromRepositoryAttributes\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.FromRepositoryAttributes(Construct Scope, string Id, RepositoryAttributes Attrs); \`\`\` Import a repository. ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`Attrs\`Required - *Type:* RepositoryAttributes --- ##### \`FromRepositoryName\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.FromRepositoryName(Construct Scope, string Id, string RepositoryName); \`\`\` ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`RepositoryName\`Required - *Type:* string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | RepositoryArn | string | The ARN of the repository. | | RepositoryName | string | The name of the repository. | | RepositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; } \`\`\` - *Type:* string The ARN of the repository. --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string The name of the repository. --- ##### \`RepositoryUri\`Required \`\`\`csharp public string RepositoryUri { get; } \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new RepositoryBase(Construct Scope, string Id, ResourceProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | Amazon.CDK.ResourceProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Optional - *Type:* Amazon.CDK.ResourceProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddToResourcePolicy | Add a policy statement to the repository's resource policy. | | Grant | Grant the given principal identity permissions to perform the actions on this repository. | | GrantPull | Grant the given identity permissions to use the images in this repository. | | GrantPullPush | Grant the given identity permissions to pull and push images to this repository. | | OnCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | OnCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | OnEvent | Defines a CloudWatch event rule which triggers for repository events. | | OnImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | RepositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | RepositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddToResourcePolicy\` \`\`\`csharp private AddToResourcePolicyResult AddToResourcePolicy(PolicyStatement Statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`Statement\`Required - *Type:* Amazon.CDK.AWS.IAM.PolicyStatement --- ##### \`Grant\` \`\`\`csharp private Grant Grant(IGrantable Grantee, string Actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ###### \`Actions\`Required - *Type:* string --- ##### \`GrantPull\` \`\`\`csharp private Grant GrantPull(IGrantable Grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`GrantPullPush\` \`\`\`csharp private Grant GrantPullPush(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`OnCloudTrailEvent\` \`\`\`csharp private Rule OnCloudTrailEvent(string Id, OnEventOptions Options = null) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions Options for adding the rule. --- ##### \`OnCloudTrailImagePushed\` \`\`\`csharp private Rule OnCloudTrailImagePushed(string Id, OnCloudTrailImagePushedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`OnEvent\` \`\`\`csharp private Rule OnEvent(string Id, OnEventOptions Options = null) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions --- ##### \`OnImageScanCompleted\` \`\`\`csharp private Rule OnImageScanCompleted(string Id, OnImageScanCompletedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`RepositoryUriForDigest\` \`\`\`csharp private string RepositoryUriForDigest(string Digest = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`Digest\`Optional - *Type:* string Optional image digest. --- ##### \`RepositoryUriForTag\` \`\`\`csharp private string RepositoryUriForTag(string Tag = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`Tag\`Optional - *Type:* string Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; RepositoryBase.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; RepositoryBase.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | RepositoryArn | string | The ARN of the repository. | | RepositoryName | string | The name of the repository. | | RepositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; } \`\`\` - *Type:* string The ARN of the repository. --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string The name of the repository. --- ##### \`RepositoryUri\`Required \`\`\`csharp public string RepositoryUri { get; } \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnPublicRepositoryProps { object RepositoryCatalogData = null, string RepositoryName = null, object RepositoryPolicyText = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | RepositoryCatalogData | object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | RepositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | | RepositoryPolicyText | object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`RepositoryCatalogData\`Optional \`\`\`csharp public object RepositoryCatalogData { get; set; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`RepositoryPolicyText\`Optional \`\`\`csharp public object RepositoryPolicyText { get; set; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRegistryPolicyProps { object PolicyText }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | PolicyText | object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`PolicyText\`Required \`\`\`csharp public object PolicyText { get; set; } \`\`\` - *Type:* object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnReplicationConfigurationProps { object ReplicationConfiguration }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ReplicationConfiguration | object | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`ReplicationConfiguration\`Required \`\`\`csharp public object ReplicationConfiguration { get; set; } \`\`\` - *Type:* object \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRepositoryProps { object EncryptionConfiguration = null, object ImageScanningConfiguration = null, string ImageTagMutability = null, object LifecyclePolicy = null, string RepositoryName = null, object RepositoryPolicyText = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | EncryptionConfiguration | object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | ImageScanningConfiguration | object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | ImageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | LifecyclePolicy | object | \`AWS::ECR::Repository.LifecyclePolicy\`. | | RepositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | | RepositoryPolicyText | object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`EncryptionConfiguration\`Optional \`\`\`csharp public object EncryptionConfiguration { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`ImageScanningConfiguration\`Optional \`\`\`csharp public object ImageScanningConfiguration { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`ImageTagMutability\`Optional \`\`\`csharp public string ImageTagMutability { get; set; } \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`LifecyclePolicy\`Optional \`\`\`csharp public object LifecyclePolicy { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`RepositoryPolicyText\`Optional \`\`\`csharp public object RepositoryPolicyText { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new LifecyclePolicyProperty { string LifecyclePolicyText = null, string RegistryId = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | LifecyclePolicyText | string | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | RegistryId | string | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`LifecyclePolicyText\`Optional \`\`\`csharp public string LifecyclePolicyText { get; set; } \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`RegistryId\`Optional \`\`\`csharp public string RegistryId { get; set; } \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new LifecycleRule { string Description = null, Duration MaxImageAge = null, double MaxImageCount = null, double RulePriority = null, string[] TagPrefixList = null, TagStatus TagStatus = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Description | string | Describes the purpose of the rule. | | MaxImageAge | Amazon.CDK.Duration | The maximum age of images to retain. The value must represent a number of days. | | MaxImageCount | double | The maximum number of images to retain. | | RulePriority | double | Controls the order in which rules are evaluated (low to high). | | TagPrefixList | string[] | Select images that have ALL the given prefixes in their tag. | | TagStatus | TagStatus | Select images based on tags. | --- ##### \`Description\`Optional \`\`\`csharp public string Description { get; set; } \`\`\` - *Type:* string - *Default:* No description Describes the purpose of the rule. --- ##### \`MaxImageAge\`Optional \`\`\`csharp public Duration MaxImageAge { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`MaxImageCount\`Optional \`\`\`csharp public double MaxImageCount { get; set; } \`\`\` - *Type:* double The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`RulePriority\`Optional \`\`\`csharp public double RulePriority { get; set; } \`\`\` - *Type:* double - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`TagPrefixList\`Optional \`\`\`csharp public string[] TagPrefixList { get; set; } \`\`\` - *Type:* string[] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`TagStatus\`Optional \`\`\`csharp public TagStatus TagStatus { get; set; } \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new OnCloudTrailImagePushedOptions { string Description = null, EventPattern EventPattern = null, string RuleName = null, IRuleTarget Target = null, string ImageTag = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Description | string | A description of the rule's purpose. | | EventPattern | Amazon.CDK.AWS.Events.EventPattern | Additional restrictions for the event to route to the specified target. | | RuleName | string | A name for the rule. | | Target | Amazon.CDK.AWS.Events.IRuleTarget | The target to register for the event. | | ImageTag | string | Only watch changes to this image tag. | --- ##### \`Description\`Optional \`\`\`csharp public string Description { get; set; } \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`EventPattern\`Optional \`\`\`csharp public EventPattern EventPattern { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`RuleName\`Optional \`\`\`csharp public string RuleName { get; set; } \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`Target\`Optional \`\`\`csharp public IRuleTarget Target { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`ImageTag\`Optional \`\`\`csharp public string ImageTag { get; set; } \`\`\` - *Type:* string - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new OnImageScanCompletedOptions { string Description = null, EventPattern EventPattern = null, string RuleName = null, IRuleTarget Target = null, string[] ImageTags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Description | string | A description of the rule's purpose. | | EventPattern | Amazon.CDK.AWS.Events.EventPattern | Additional restrictions for the event to route to the specified target. | | RuleName | string | A name for the rule. | | Target | Amazon.CDK.AWS.Events.IRuleTarget | The target to register for the event. | | ImageTags | string[] | Only watch changes to the image tags spedified. | --- ##### \`Description\`Optional \`\`\`csharp public string Description { get; set; } \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`EventPattern\`Optional \`\`\`csharp public EventPattern EventPattern { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`RuleName\`Optional \`\`\`csharp public string RuleName { get; set; } \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`Target\`Optional \`\`\`csharp public IRuleTarget Target { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`ImageTags\`Optional \`\`\`csharp public string[] ImageTags { get; set; } \`\`\` - *Type:* string[] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new ReplicationConfigurationProperty { object Rules }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Rules | object | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`Rules\`Required \`\`\`csharp public object Rules { get; set; } \`\`\` - *Type:* object \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new ReplicationDestinationProperty { string Region, string RegistryId }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Region | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | RegistryId | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`Region\`Required \`\`\`csharp public string Region { get; set; } \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`RegistryId\`Required \`\`\`csharp public string RegistryId { get; set; } \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new ReplicationRuleProperty { object Destinations }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Destinations | object | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`Destinations\`Required \`\`\`csharp public object Destinations { get; set; } \`\`\` - *Type:* object \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new RepositoryAttributes { string RepositoryArn, string RepositoryName }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | RepositoryArn | string | *No description.* | | RepositoryName | string | *No description.* | --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; set; } \`\`\` - *Type:* string --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string --- ### RepositoryProps #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new RepositoryProps { bool ImageScanOnPush = null, TagMutability ImageTagMutability = null, string LifecycleRegistryId = null, LifecycleRule[] LifecycleRules = null, RemovalPolicy RemovalPolicy = null, string RepositoryName = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ImageScanOnPush | bool | Enable the scan on push when creating the repository. | | ImageTagMutability | TagMutability | The tag mutability setting for the repository. | | LifecycleRegistryId | string | The AWS account ID associated with the registry that contains the repository. | | LifecycleRules | LifecycleRule[] | Life cycle rules to apply to this registry. | | RemovalPolicy | Amazon.CDK.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | RepositoryName | string | Name for this repository. | --- ##### \`ImageScanOnPush\`Optional \`\`\`csharp public bool ImageScanOnPush { get; set; } \`\`\` - *Type:* bool - *Default:* false Enable the scan on push when creating the repository. --- ##### \`ImageTagMutability\`Optional \`\`\`csharp public TagMutability ImageTagMutability { get; set; } \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`LifecycleRegistryId\`Optional \`\`\`csharp public string LifecycleRegistryId { get; set; } \`\`\` - *Type:* string - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`LifecycleRules\`Optional \`\`\`csharp public LifecycleRule[] LifecycleRules { get; set; } \`\`\` - *Type:* LifecycleRule[] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`RemovalPolicy\`Optional \`\`\`csharp public RemovalPolicy RemovalPolicy { get; set; } \`\`\` - *Type:* Amazon.CDK.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | GrantRead | Grant access to retrieve an authorization token. | --- ##### \`GrantRead\` \`\`\`csharp using Amazon.CDK.AWS.ECR; AuthorizationToken.GrantRead(IGrantable Grantee); \`\`\` Grant access to retrieve an authorization token. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | GrantRead | Grant access to retrieve an authorization token. | --- ##### \`GrantRead\` \`\`\`csharp using Amazon.CDK.AWS.ECR; PublicGalleryAuthorizationToken.GrantRead(IGrantable Grantee); \`\`\` Grant access to retrieve an authorization token. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ## Protocols ### IRepository - *Extends:* Amazon.CDK.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | AddToResourcePolicy | Add a policy statement to the repository's resource policy. | | Grant | Grant the given principal identity permissions to perform the actions on this repository. | | GrantPull | Grant the given identity permissions to pull images in this repository. | | GrantPullPush | Grant the given identity permissions to pull and push images to this repository. | | OnCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | OnCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | OnEvent | Defines a CloudWatch event rule which triggers for repository events. | | OnImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | RepositoryUriForDigest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | RepositoryUriForTag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`AddToResourcePolicy\` \`\`\`csharp private AddToResourcePolicyResult AddToResourcePolicy(PolicyStatement Statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`Statement\`Required - *Type:* Amazon.CDK.AWS.IAM.PolicyStatement --- ##### \`Grant\` \`\`\`csharp private Grant Grant(IGrantable Grantee, string Actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ###### \`Actions\`Required - *Type:* string --- ##### \`GrantPull\` \`\`\`csharp private Grant GrantPull(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`GrantPullPush\` \`\`\`csharp private Grant GrantPullPush(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`OnCloudTrailEvent\` \`\`\`csharp private Rule OnCloudTrailEvent(string Id, OnEventOptions Options = null) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions Options for adding the rule. --- ##### \`OnCloudTrailImagePushed\` \`\`\`csharp private Rule OnCloudTrailImagePushed(string Id, OnCloudTrailImagePushedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`OnEvent\` \`\`\`csharp private Rule OnEvent(string Id, OnEventOptions Options = null) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions --- ##### \`OnImageScanCompleted\` \`\`\`csharp private Rule OnImageScanCompleted(string Id, OnImageScanCompletedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`RepositoryUriForDigest\` \`\`\`csharp private string RepositoryUriForDigest(string Digest = null) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`Digest\`Optional - *Type:* string Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`RepositoryUriForTag\` \`\`\`csharp private string RepositoryUriForTag(string Tag = null) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`Tag\`Optional - *Type:* string Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node for this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | RepositoryArn | string | The ARN of the repository. | | RepositoryName | string | The name of the repository. | | RepositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node for this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; } \`\`\` - *Type:* string The ARN of the repository. --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string The name of the repository. --- ##### \`RepositoryUri\`Required \`\`\`csharp public string RepositoryUri { get; } \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`csharp snapshot - root module 1`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var repository = new ecr.Repository(this, "Repository"); \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var repository = new ecr.Repository(stack, "Repo", new Struct { ImageScanOnPush = true }); \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. repository.OnImageScanCompleted("ImageScanComplete").AddTarget(...); \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. using Aws.Cdk.Aws.Iam; using Aws.Cdk.Aws.Ecr; var user = new User(this, "User", new Struct { ... }); AuthorizationToken.GrantRead(user); \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. using Aws.Cdk.Aws.Iam; using Aws.Cdk.Aws.Ecr; var user = new User(this, "User", new Struct { ... }); PublicGalleryAuthorizationToken.GrantRead(user); \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. new ecr.Repository(stack, "Repo", new Struct { ImageTagMutability = ecr.TagMutability.IMMUTABLE }); \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. repository.AddLifecycleRule(new Struct { TagPrefixList = new [] { "prod" }, MaxImageCount = 9999 }); repository.AddLifecycleRule(new Struct { MaxImageAge = cdk.Duration.Days(30) }); \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnPublicRepository(Construct Scope, string Id, CfnPublicRepositoryProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnPublicRepositoryProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Optional - *Type:* CfnPublicRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnPublicRepository.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnPublicRepository.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnPublicRepository.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | RepositoryCatalogData | object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | RepositoryPolicyText | object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | RepositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`RepositoryCatalogData\`Required \`\`\`csharp public object RepositoryCatalogData { get; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`RepositoryPolicyText\`Required \`\`\`csharp public object RepositoryPolicyText { get; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRegistryPolicy(Construct Scope, string Id, CfnRegistryPolicyProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnRegistryPolicyProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnRegistryPolicyProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRegistryPolicy.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRegistryPolicy.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRegistryPolicy.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrRegistryId | string | *No description.* | | PolicyText | object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrRegistryId\`Required \`\`\`csharp public string AttrRegistryId { get; } \`\`\` - *Type:* string --- ##### \`PolicyText\`Required \`\`\`csharp public object PolicyText { get; } \`\`\` - *Type:* object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnReplicationConfiguration(Construct Scope, string Id, CfnReplicationConfigurationProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnReplicationConfigurationProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnReplicationConfigurationProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnReplicationConfiguration.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnReplicationConfiguration.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnReplicationConfiguration.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrRegistryId | string | *No description.* | | ReplicationConfiguration | object | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrRegistryId\`Required \`\`\`csharp public string AttrRegistryId { get; } \`\`\` - *Type:* string --- ##### \`ReplicationConfiguration\`Required \`\`\`csharp public object ReplicationConfiguration { get; } \`\`\` - *Type:* object \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRepository(Construct Scope, string Id, CfnRepositoryProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnRepositoryProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Optional - *Type:* CfnRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRepository.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRepository.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; CfnRepository.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | AttrRepositoryUri | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::ECR::Repository.Tags\`. | | EncryptionConfiguration | object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | ImageScanningConfiguration | object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | RepositoryPolicyText | object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | ImageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | LifecyclePolicy | object | \`AWS::ECR::Repository.LifecyclePolicy\`. | | RepositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`AttrRepositoryUri\`Required \`\`\`csharp public string AttrRepositoryUri { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`EncryptionConfiguration\`Required \`\`\`csharp public object EncryptionConfiguration { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`ImageScanningConfiguration\`Required \`\`\`csharp public object ImageScanningConfiguration { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`RepositoryPolicyText\`Required \`\`\`csharp public object RepositoryPolicyText { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`ImageTagMutability\`Optional \`\`\`csharp public string ImageTagMutability { get; } \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`LifecyclePolicy\`Optional \`\`\`csharp public object LifecyclePolicy { get; } \`\`\` - *Type:* object \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new Repository(Construct Scope, string Id, RepositoryProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | RepositoryProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Optional - *Type:* RepositoryProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddToResourcePolicy | Add a policy statement to the repository's resource policy. | | Grant | Grant the given principal identity permissions to perform the actions on this repository. | | GrantPull | Grant the given identity permissions to use the images in this repository. | | GrantPullPush | Grant the given identity permissions to pull and push images to this repository. | | OnCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | OnCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | OnEvent | Defines a CloudWatch event rule which triggers for repository events. | | OnImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | RepositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | RepositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | AddLifecycleRule | Add a life cycle rule to the repository. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddToResourcePolicy\` \`\`\`csharp private AddToResourcePolicyResult AddToResourcePolicy(PolicyStatement Statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`Statement\`Required - *Type:* Amazon.CDK.AWS.IAM.PolicyStatement --- ##### \`Grant\` \`\`\`csharp private Grant Grant(IGrantable Grantee, string Actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ###### \`Actions\`Required - *Type:* string --- ##### \`GrantPull\` \`\`\`csharp private Grant GrantPull(IGrantable Grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`GrantPullPush\` \`\`\`csharp private Grant GrantPullPush(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`OnCloudTrailEvent\` \`\`\`csharp private Rule OnCloudTrailEvent(string Id, OnEventOptions Options = null) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions Options for adding the rule. --- ##### \`OnCloudTrailImagePushed\` \`\`\`csharp private Rule OnCloudTrailImagePushed(string Id, OnCloudTrailImagePushedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`OnEvent\` \`\`\`csharp private Rule OnEvent(string Id, OnEventOptions Options = null) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions --- ##### \`OnImageScanCompleted\` \`\`\`csharp private Rule OnImageScanCompleted(string Id, OnImageScanCompletedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`RepositoryUriForDigest\` \`\`\`csharp private string RepositoryUriForDigest(string Digest = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`Digest\`Optional - *Type:* string Optional image digest. --- ##### \`RepositoryUriForTag\` \`\`\`csharp private string RepositoryUriForTag(string Tag = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`Tag\`Optional - *Type:* string Optional image tag. --- ##### \`AddLifecycleRule\` \`\`\`csharp private void AddLifecycleRule(LifecycleRule Rule) \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`Rule\`Required - *Type:* LifecycleRule --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | ArnForLocalRepository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | FromRepositoryArn | *No description.* | | FromRepositoryAttributes | Import a repository. | | FromRepositoryName | *No description.* | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- ##### \`ArnForLocalRepository\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.ArnForLocalRepository(string RepositoryName, IConstruct Scope, string Account = null); \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`RepositoryName\`Required - *Type:* string --- ###### \`Scope\`Required - *Type:* Constructs.IConstruct --- ###### \`Account\`Optional - *Type:* string --- ##### \`FromRepositoryArn\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.FromRepositoryArn(Construct Scope, string Id, string RepositoryArn); \`\`\` ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`RepositoryArn\`Required - *Type:* string --- ##### \`FromRepositoryAttributes\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.FromRepositoryAttributes(Construct Scope, string Id, RepositoryAttributes Attrs); \`\`\` Import a repository. ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`Attrs\`Required - *Type:* RepositoryAttributes --- ##### \`FromRepositoryName\` \`\`\`csharp using Amazon.CDK.AWS.ECR; Repository.FromRepositoryName(Construct Scope, string Id, string RepositoryName); \`\`\` ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`RepositoryName\`Required - *Type:* string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | RepositoryArn | string | The ARN of the repository. | | RepositoryName | string | The name of the repository. | | RepositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; } \`\`\` - *Type:* string The ARN of the repository. --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string The name of the repository. --- ##### \`RepositoryUri\`Required \`\`\`csharp public string RepositoryUri { get; } \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`csharp using Amazon.CDK.AWS.ECR; new RepositoryBase(Construct Scope, string Id, ResourceProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | Amazon.CDK.ResourceProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Optional - *Type:* Amazon.CDK.ResourceProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddToResourcePolicy | Add a policy statement to the repository's resource policy. | | Grant | Grant the given principal identity permissions to perform the actions on this repository. | | GrantPull | Grant the given identity permissions to use the images in this repository. | | GrantPullPush | Grant the given identity permissions to pull and push images to this repository. | | OnCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | OnCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | OnEvent | Defines a CloudWatch event rule which triggers for repository events. | | OnImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | RepositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | RepositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddToResourcePolicy\` \`\`\`csharp private AddToResourcePolicyResult AddToResourcePolicy(PolicyStatement Statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`Statement\`Required - *Type:* Amazon.CDK.AWS.IAM.PolicyStatement --- ##### \`Grant\` \`\`\`csharp private Grant Grant(IGrantable Grantee, string Actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ###### \`Actions\`Required - *Type:* string --- ##### \`GrantPull\` \`\`\`csharp private Grant GrantPull(IGrantable Grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`GrantPullPush\` \`\`\`csharp private Grant GrantPullPush(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`OnCloudTrailEvent\` \`\`\`csharp private Rule OnCloudTrailEvent(string Id, OnEventOptions Options = null) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions Options for adding the rule. --- ##### \`OnCloudTrailImagePushed\` \`\`\`csharp private Rule OnCloudTrailImagePushed(string Id, OnCloudTrailImagePushedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`OnEvent\` \`\`\`csharp private Rule OnEvent(string Id, OnEventOptions Options = null) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions --- ##### \`OnImageScanCompleted\` \`\`\`csharp private Rule OnImageScanCompleted(string Id, OnImageScanCompletedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`RepositoryUriForDigest\` \`\`\`csharp private string RepositoryUriForDigest(string Digest = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`Digest\`Optional - *Type:* string Optional image digest. --- ##### \`RepositoryUriForTag\` \`\`\`csharp private string RepositoryUriForTag(string Tag = null) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`Tag\`Optional - *Type:* string Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK.AWS.ECR; RepositoryBase.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK.AWS.ECR; RepositoryBase.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | RepositoryArn | string | The ARN of the repository. | | RepositoryName | string | The name of the repository. | | RepositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; } \`\`\` - *Type:* string The ARN of the repository. --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string The name of the repository. --- ##### \`RepositoryUri\`Required \`\`\`csharp public string RepositoryUri { get; } \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnPublicRepositoryProps { object RepositoryCatalogData = null, string RepositoryName = null, object RepositoryPolicyText = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | RepositoryCatalogData | object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | RepositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | | RepositoryPolicyText | object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`RepositoryCatalogData\`Optional \`\`\`csharp public object RepositoryCatalogData { get; set; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`RepositoryPolicyText\`Optional \`\`\`csharp public object RepositoryPolicyText { get; set; } \`\`\` - *Type:* object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRegistryPolicyProps { object PolicyText }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | PolicyText | object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`PolicyText\`Required \`\`\`csharp public object PolicyText { get; set; } \`\`\` - *Type:* object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnReplicationConfigurationProps { object ReplicationConfiguration }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ReplicationConfiguration | object | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`ReplicationConfiguration\`Required \`\`\`csharp public object ReplicationConfiguration { get; set; } \`\`\` - *Type:* object \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new CfnRepositoryProps { object EncryptionConfiguration = null, object ImageScanningConfiguration = null, string ImageTagMutability = null, object LifecyclePolicy = null, string RepositoryName = null, object RepositoryPolicyText = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | EncryptionConfiguration | object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | ImageScanningConfiguration | object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | ImageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | LifecyclePolicy | object | \`AWS::ECR::Repository.LifecyclePolicy\`. | | RepositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | | RepositoryPolicyText | object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`EncryptionConfiguration\`Optional \`\`\`csharp public object EncryptionConfiguration { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`ImageScanningConfiguration\`Optional \`\`\`csharp public object ImageScanningConfiguration { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`ImageTagMutability\`Optional \`\`\`csharp public string ImageTagMutability { get; set; } \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`LifecyclePolicy\`Optional \`\`\`csharp public object LifecyclePolicy { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`RepositoryPolicyText\`Optional \`\`\`csharp public object RepositoryPolicyText { get; set; } \`\`\` - *Type:* object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new LifecyclePolicyProperty { string LifecyclePolicyText = null, string RegistryId = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | LifecyclePolicyText | string | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | RegistryId | string | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`LifecyclePolicyText\`Optional \`\`\`csharp public string LifecyclePolicyText { get; set; } \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`RegistryId\`Optional \`\`\`csharp public string RegistryId { get; set; } \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new LifecycleRule { string Description = null, Duration MaxImageAge = null, double MaxImageCount = null, double RulePriority = null, string[] TagPrefixList = null, TagStatus TagStatus = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Description | string | Describes the purpose of the rule. | | MaxImageAge | Amazon.CDK.Duration | The maximum age of images to retain. The value must represent a number of days. | | MaxImageCount | double | The maximum number of images to retain. | | RulePriority | double | Controls the order in which rules are evaluated (low to high). | | TagPrefixList | string[] | Select images that have ALL the given prefixes in their tag. | | TagStatus | TagStatus | Select images based on tags. | --- ##### \`Description\`Optional \`\`\`csharp public string Description { get; set; } \`\`\` - *Type:* string - *Default:* No description Describes the purpose of the rule. --- ##### \`MaxImageAge\`Optional \`\`\`csharp public Duration MaxImageAge { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`MaxImageCount\`Optional \`\`\`csharp public double MaxImageCount { get; set; } \`\`\` - *Type:* double The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`RulePriority\`Optional \`\`\`csharp public double RulePriority { get; set; } \`\`\` - *Type:* double - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`TagPrefixList\`Optional \`\`\`csharp public string[] TagPrefixList { get; set; } \`\`\` - *Type:* string[] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`TagStatus\`Optional \`\`\`csharp public TagStatus TagStatus { get; set; } \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new OnCloudTrailImagePushedOptions { string Description = null, EventPattern EventPattern = null, string RuleName = null, IRuleTarget Target = null, string ImageTag = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Description | string | A description of the rule's purpose. | | EventPattern | Amazon.CDK.AWS.Events.EventPattern | Additional restrictions for the event to route to the specified target. | | RuleName | string | A name for the rule. | | Target | Amazon.CDK.AWS.Events.IRuleTarget | The target to register for the event. | | ImageTag | string | Only watch changes to this image tag. | --- ##### \`Description\`Optional \`\`\`csharp public string Description { get; set; } \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`EventPattern\`Optional \`\`\`csharp public EventPattern EventPattern { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`RuleName\`Optional \`\`\`csharp public string RuleName { get; set; } \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`Target\`Optional \`\`\`csharp public IRuleTarget Target { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`ImageTag\`Optional \`\`\`csharp public string ImageTag { get; set; } \`\`\` - *Type:* string - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new OnImageScanCompletedOptions { string Description = null, EventPattern EventPattern = null, string RuleName = null, IRuleTarget Target = null, string[] ImageTags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Description | string | A description of the rule's purpose. | | EventPattern | Amazon.CDK.AWS.Events.EventPattern | Additional restrictions for the event to route to the specified target. | | RuleName | string | A name for the rule. | | Target | Amazon.CDK.AWS.Events.IRuleTarget | The target to register for the event. | | ImageTags | string[] | Only watch changes to the image tags spedified. | --- ##### \`Description\`Optional \`\`\`csharp public string Description { get; set; } \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`EventPattern\`Optional \`\`\`csharp public EventPattern EventPattern { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`RuleName\`Optional \`\`\`csharp public string RuleName { get; set; } \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`Target\`Optional \`\`\`csharp public IRuleTarget Target { get; set; } \`\`\` - *Type:* Amazon.CDK.AWS.Events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`ImageTags\`Optional \`\`\`csharp public string[] ImageTags { get; set; } \`\`\` - *Type:* string[] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new ReplicationConfigurationProperty { object Rules }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Rules | object | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`Rules\`Required \`\`\`csharp public object Rules { get; set; } \`\`\` - *Type:* object \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new ReplicationDestinationProperty { string Region, string RegistryId }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Region | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | RegistryId | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`Region\`Required \`\`\`csharp public string Region { get; set; } \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`RegistryId\`Required \`\`\`csharp public string RegistryId { get; set; } \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new ReplicationRuleProperty { object Destinations }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Destinations | object | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`Destinations\`Required \`\`\`csharp public object Destinations { get; set; } \`\`\` - *Type:* object \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new RepositoryAttributes { string RepositoryArn, string RepositoryName }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | RepositoryArn | string | *No description.* | | RepositoryName | string | *No description.* | --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; set; } \`\`\` - *Type:* string --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string --- ### RepositoryProps #### Initializer \`\`\`csharp using Amazon.CDK.AWS.ECR; new RepositoryProps { bool ImageScanOnPush = null, TagMutability ImageTagMutability = null, string LifecycleRegistryId = null, LifecycleRule[] LifecycleRules = null, RemovalPolicy RemovalPolicy = null, string RepositoryName = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ImageScanOnPush | bool | Enable the scan on push when creating the repository. | | ImageTagMutability | TagMutability | The tag mutability setting for the repository. | | LifecycleRegistryId | string | The AWS account ID associated with the registry that contains the repository. | | LifecycleRules | LifecycleRule[] | Life cycle rules to apply to this registry. | | RemovalPolicy | Amazon.CDK.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | RepositoryName | string | Name for this repository. | --- ##### \`ImageScanOnPush\`Optional \`\`\`csharp public bool ImageScanOnPush { get; set; } \`\`\` - *Type:* bool - *Default:* false Enable the scan on push when creating the repository. --- ##### \`ImageTagMutability\`Optional \`\`\`csharp public TagMutability ImageTagMutability { get; set; } \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`LifecycleRegistryId\`Optional \`\`\`csharp public string LifecycleRegistryId { get; set; } \`\`\` - *Type:* string - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`LifecycleRules\`Optional \`\`\`csharp public LifecycleRule[] LifecycleRules { get; set; } \`\`\` - *Type:* LifecycleRule[] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`RemovalPolicy\`Optional \`\`\`csharp public RemovalPolicy RemovalPolicy { get; set; } \`\`\` - *Type:* Amazon.CDK.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`RepositoryName\`Optional \`\`\`csharp public string RepositoryName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | GrantRead | Grant access to retrieve an authorization token. | --- ##### \`GrantRead\` \`\`\`csharp using Amazon.CDK.AWS.ECR; AuthorizationToken.GrantRead(IGrantable Grantee); \`\`\` Grant access to retrieve an authorization token. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | GrantRead | Grant access to retrieve an authorization token. | --- ##### \`GrantRead\` \`\`\`csharp using Amazon.CDK.AWS.ECR; PublicGalleryAuthorizationToken.GrantRead(IGrantable Grantee); \`\`\` Grant access to retrieve an authorization token. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ## Protocols ### IRepository - *Extends:* Amazon.CDK.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | AddToResourcePolicy | Add a policy statement to the repository's resource policy. | | Grant | Grant the given principal identity permissions to perform the actions on this repository. | | GrantPull | Grant the given identity permissions to pull images in this repository. | | GrantPullPush | Grant the given identity permissions to pull and push images to this repository. | | OnCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | OnCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | OnEvent | Defines a CloudWatch event rule which triggers for repository events. | | OnImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | RepositoryUriForDigest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | RepositoryUriForTag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`AddToResourcePolicy\` \`\`\`csharp private AddToResourcePolicyResult AddToResourcePolicy(PolicyStatement Statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`Statement\`Required - *Type:* Amazon.CDK.AWS.IAM.PolicyStatement --- ##### \`Grant\` \`\`\`csharp private Grant Grant(IGrantable Grantee, string Actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ###### \`Actions\`Required - *Type:* string --- ##### \`GrantPull\` \`\`\`csharp private Grant GrantPull(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`GrantPullPush\` \`\`\`csharp private Grant GrantPullPush(IGrantable Grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`Grantee\`Required - *Type:* Amazon.CDK.AWS.IAM.IGrantable --- ##### \`OnCloudTrailEvent\` \`\`\`csharp private Rule OnCloudTrailEvent(string Id, OnEventOptions Options = null) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions Options for adding the rule. --- ##### \`OnCloudTrailImagePushed\` \`\`\`csharp private Rule OnCloudTrailImagePushed(string Id, OnCloudTrailImagePushedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`OnEvent\` \`\`\`csharp private Rule OnEvent(string Id, OnEventOptions Options = null) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* Amazon.CDK.AWS.Events.OnEventOptions --- ##### \`OnImageScanCompleted\` \`\`\`csharp private Rule OnImageScanCompleted(string Id, OnImageScanCompletedOptions Options = null) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`Id\`Required - *Type:* string The id of the rule. --- ###### \`Options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`RepositoryUriForDigest\` \`\`\`csharp private string RepositoryUriForDigest(string Digest = null) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`Digest\`Optional - *Type:* string Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`RepositoryUriForTag\` \`\`\`csharp private string RepositoryUriForTag(string Tag = null) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`Tag\`Optional - *Type:* string Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node for this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | RepositoryArn | string | The ARN of the repository. | | RepositoryName | string | The name of the repository. | | RepositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node for this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`RepositoryArn\`Required \`\`\`csharp public string RepositoryArn { get; } \`\`\` - *Type:* string The ARN of the repository. --- ##### \`RepositoryName\`Required \`\`\`csharp public string RepositoryName { get; } \`\`\` - *Type:* string The name of the repository. --- ##### \`RepositoryUri\`Required \`\`\`csharp public string RepositoryUri { get; } \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`csharp snapshot - submodules 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`csharp using Amazon.CDK; new AwsAuth(Construct Scope, string Id, AwsAuthProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | AwsAuthProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* AwsAuthProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddAccount | Additional AWS account to add to the aws-auth configmap. | | AddMastersRole | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | AddRoleMapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | AddUserMapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`AddAccount\` \`\`\`csharp private void AddAccount(string AccountId) \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`AccountId\`Required - *Type:* string account number. --- ##### \`AddMastersRole\` \`\`\`csharp private void AddMastersRole(IRole Role, string Username = null) \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`Role\`Required - *Type:* Amazon.CDK.aws_iam.IRole The IAM role to add. --- ###### \`Username\`Optional - *Type:* string Optional user (defaults to the role ARN). --- ##### \`AddRoleMapping\` \`\`\`csharp private void AddRoleMapping(IRole Role, AwsAuthMapping Mapping) \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`Role\`Required - *Type:* Amazon.CDK.aws_iam.IRole The IAM role to map. --- ###### \`Mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- ##### \`AddUserMapping\` \`\`\`csharp private void AddUserMapping(IUser User, AwsAuthMapping Mapping) \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`User\`Required - *Type:* Amazon.CDK.aws_iam.IUser The IAM user to map. --- ###### \`Mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; AwsAuth.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ### CfnAddon - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnAddon(Construct Scope, string Id, CfnAddonProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnAddonProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnAddonProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; CfnAddon.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnAddon.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnAddon.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::EKS::Addon.Tags\`. | | AddonName | string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`AddonName\`Required \`\`\`csharp public string AddonName { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`csharp public string AddonVersion { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`csharp public string ResolveConflicts { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`csharp public string ServiceAccountRoleArn { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnCluster(Construct Scope, string Id, CfnClusterProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnClusterProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnClusterProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; CfnCluster.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnCluster.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnCluster.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | AttrCertificateAuthorityData | string | *No description.* | | AttrClusterSecurityGroupId | string | *No description.* | | AttrEncryptionConfigKeyArn | string | *No description.* | | AttrEndpoint | string | *No description.* | | AttrOpenIdConnectIssuerUrl | string | *No description.* | | ResourcesVpcConfig | object | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | object | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | object | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | string | \`AWS::EKS::Cluster.Name\`. | | Version | string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`AttrCertificateAuthorityData\`Required \`\`\`csharp public string AttrCertificateAuthorityData { get; } \`\`\` - *Type:* string --- ##### \`AttrClusterSecurityGroupId\`Required \`\`\`csharp public string AttrClusterSecurityGroupId { get; } \`\`\` - *Type:* string --- ##### \`AttrEncryptionConfigKeyArn\`Required \`\`\`csharp public string AttrEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string --- ##### \`AttrEndpoint\`Required \`\`\`csharp public string AttrEndpoint { get; } \`\`\` - *Type:* string --- ##### \`AttrOpenIdConnectIssuerUrl\`Required \`\`\`csharp public string AttrOpenIdConnectIssuerUrl { get; } \`\`\` - *Type:* string --- ##### \`ResourcesVpcConfig\`Required \`\`\`csharp public object ResourcesVpcConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`csharp public string RoleArn { get; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`csharp public object EncryptionConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`csharp public object KubernetesNetworkConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnFargateProfile(Construct Scope, string Id, CfnFargateProfileProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnFargateProfileProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnFargateProfileProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; CfnFargateProfile.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnFargateProfile.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnFargateProfile.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | ClusterName | string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | object | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | string[] | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`csharp public string PodExecutionRoleArn { get; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`csharp public object Selectors { get; } \`\`\` - *Type:* object \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`csharp public string[] Subnets { get; } \`\`\` - *Type:* string[] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnNodegroup(Construct Scope, string Id, CfnNodegroupProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnNodegroupProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnNodegroupProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; CfnNodegroup.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnNodegroup.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnNodegroup.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | AttrClusterName | string | *No description.* | | AttrNodegroupName | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | ClusterName | string | \`AWS::EKS::Nodegroup.ClusterName\`. | | Labels | object | \`AWS::EKS::Nodegroup.Labels\`. | | NodeRole | string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | string[] | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | double | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | object | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | string[] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | LaunchTemplate | object | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | object | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | object | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Taints | object | \`AWS::EKS::Nodegroup.Taints\`. | | Version | string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`AttrClusterName\`Required \`\`\`csharp public string AttrClusterName { get; } \`\`\` - *Type:* string --- ##### \`AttrNodegroupName\`Required \`\`\`csharp public string AttrNodegroupName { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`Labels\`Required \`\`\`csharp public object Labels { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`NodeRole\`Required \`\`\`csharp public string NodeRole { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`csharp public string[] Subnets { get; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`csharp public string AmiType { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`csharp public string CapacityType { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; } \`\`\` - *Type:* double \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`csharp public object ForceUpdateEnabled { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`csharp public string[] InstanceTypes { get; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`LaunchTemplate\`Optional \`\`\`csharp public object LaunchTemplate { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`csharp public object RemoteAccess { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`csharp public object ScalingConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Taints\`Optional \`\`\`csharp public object Taints { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`csharp using Amazon.CDK; new Cluster(Construct Scope, string Id, ClusterProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | a Construct, most likely a cdk.Stack created. | | Id | string | the id of the Construct to create. | | Props | ClusterProps | properties in the IClusterProps interface. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct a Construct, most likely a cdk.Stack created. --- ##### \`Id\`Required - *Type:* string the id of the Construct to create. --- ##### \`Props\`Required - *Type:* ClusterProps properties in the IClusterProps interface. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`csharp private AutoScalingGroup AddAutoScalingGroupCapacity(string Id, AutoScalingGroupCapacityOptions Options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`csharp private KubernetesManifest AddCdk8sChart(string Id, Construct Chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Chart\`Required - *Type:* Constructs.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`csharp private FargateProfile AddFargateProfile(string Id, FargateProfileOptions Options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`Id\`Required - *Type:* string the id of this profile. --- ###### \`Options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`csharp private HelmChart AddHelmChart(string Id, HelmChartOptions Options) \`\`\` Defines a Helm chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`csharp private KubernetesManifest AddManifest(string Id, System.Collections.Generic.IDictionary Manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`Id\`Required - *Type:* string logical id of this manifest. --- ###### \`Manifest\`Required - *Type:* System.Collections.Generic.IDictionary a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`csharp private Nodegroup AddNodegroupCapacity(string Id, NodegroupOptions Options = null) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`Id\`Required - *Type:* string The ID of the nodegroup. --- ###### \`Options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`csharp private ServiceAccount AddServiceAccount(string Id, ServiceAccountOptions Options = null) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`csharp private void ConnectAutoScalingGroupCapacity(AutoScalingGroup AutoScalingGroup, AutoScalingGroupOptions Options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`AutoScalingGroup\`Required - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`Options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`csharp private string GetServiceLoadBalancerAddress(string ServiceName, ServiceLoadBalancerAddressOptions Options = null) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`ServiceName\`Required - *Type:* string The name of the service. --- ###### \`Options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; Cluster.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; Cluster.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`csharp using Amazon.CDK; Cluster.FromClusterAttributes(Construct Scope, string Id, ClusterAttributes Attrs); \`\`\` Import an existing cluster. ###### \`Scope\`Required - *Type:* Constructs.Construct the construct scope, in most cases 'this'. --- ###### \`Id\`Required - *Type:* string the id or name to import as. --- ###### \`Attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | AdminRole | Amazon.CDK.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The endpoint URL for the Cluster. | | ClusterName | string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | Amazon.CDK.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | bool | Determines if Kubernetes resources can be pruned automatically. | | Role | Amazon.CDK.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | Amazon.CDK.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | Amazon.CDK.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | Amazon.CDK.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`csharp public Role AdminRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`csharp public AwsAuth AwsAuth { get; } \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`csharp public string ClusterArn { get; } \`\`\` - *Type:* string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`csharp public string ClusterCertificateAuthorityData { get; } \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`csharp public string ClusterEndpoint { get; } \`\`\` - *Type:* string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuer { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuerUrl { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`csharp public ISecurityGroup ClusterSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`csharp public string ClusterSecurityGroupId { get; } \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`csharp public Connections Connections { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`csharp public bool Prune { get; } \`\`\` - *Type:* bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`csharp public IVpc Vpc { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`csharp public AutoScalingGroup DefaultCapacity { get; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`csharp public Nodegroup DefaultNodegroup { get; } \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; } \`\`\` - *Type:* System.Collections.Generic.IDictionary Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; } \`\`\` - *Type:* Amazon.CDK.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`csharp public ISubnet[] KubectlPrivateSubnets { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISubnet[] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`csharp public IRole KubectlRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`csharp public ISecurityGroup KubectlSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`csharp using Amazon.CDK; new FargateCluster(Construct Scope, string Id, FargateClusterProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | FargateClusterProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* FargateClusterProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`csharp private AutoScalingGroup AddAutoScalingGroupCapacity(string Id, AutoScalingGroupCapacityOptions Options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`csharp private KubernetesManifest AddCdk8sChart(string Id, Construct Chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Chart\`Required - *Type:* Constructs.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`csharp private FargateProfile AddFargateProfile(string Id, FargateProfileOptions Options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`Id\`Required - *Type:* string the id of this profile. --- ###### \`Options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`csharp private HelmChart AddHelmChart(string Id, HelmChartOptions Options) \`\`\` Defines a Helm chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`csharp private KubernetesManifest AddManifest(string Id, System.Collections.Generic.IDictionary Manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`Id\`Required - *Type:* string logical id of this manifest. --- ###### \`Manifest\`Required - *Type:* System.Collections.Generic.IDictionary a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`csharp private Nodegroup AddNodegroupCapacity(string Id, NodegroupOptions Options = null) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`Id\`Required - *Type:* string The ID of the nodegroup. --- ###### \`Options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`csharp private ServiceAccount AddServiceAccount(string Id, ServiceAccountOptions Options = null) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`csharp private void ConnectAutoScalingGroupCapacity(AutoScalingGroup AutoScalingGroup, AutoScalingGroupOptions Options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`AutoScalingGroup\`Required - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`Options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`csharp private string GetServiceLoadBalancerAddress(string ServiceName, ServiceLoadBalancerAddressOptions Options = null) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`ServiceName\`Required - *Type:* string The name of the service. --- ###### \`Options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; FargateCluster.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; FargateCluster.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`csharp using Amazon.CDK; FargateCluster.FromClusterAttributes(Construct Scope, string Id, ClusterAttributes Attrs); \`\`\` Import an existing cluster. ###### \`Scope\`Required - *Type:* Constructs.Construct the construct scope, in most cases 'this'. --- ###### \`Id\`Required - *Type:* string the id or name to import as. --- ###### \`Attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | AdminRole | Amazon.CDK.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The endpoint URL for the Cluster. | | ClusterName | string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | Amazon.CDK.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | bool | Determines if Kubernetes resources can be pruned automatically. | | Role | Amazon.CDK.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | Amazon.CDK.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | Amazon.CDK.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | Amazon.CDK.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`csharp public Role AdminRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`csharp public AwsAuth AwsAuth { get; } \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`csharp public string ClusterArn { get; } \`\`\` - *Type:* string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`csharp public string ClusterCertificateAuthorityData { get; } \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`csharp public string ClusterEndpoint { get; } \`\`\` - *Type:* string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuer { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuerUrl { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`csharp public ISecurityGroup ClusterSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`csharp public string ClusterSecurityGroupId { get; } \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`csharp public Connections Connections { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`csharp public bool Prune { get; } \`\`\` - *Type:* bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`csharp public IVpc Vpc { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`csharp public AutoScalingGroup DefaultCapacity { get; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`csharp public Nodegroup DefaultNodegroup { get; } \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; } \`\`\` - *Type:* System.Collections.Generic.IDictionary Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; } \`\`\` - *Type:* Amazon.CDK.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`csharp public ISubnet[] KubectlPrivateSubnets { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISubnet[] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`csharp public IRole KubectlRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`csharp public ISecurityGroup KubectlSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* Amazon.CDK.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`csharp using Amazon.CDK; new FargateProfile(Construct Scope, string Id, FargateProfileProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | FargateProfileProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* FargateProfileProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; FargateProfile.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | FargateProfileArn | string | The full Amazon Resource Name (ARN) of the Fargate profile. | | FargateProfileName | string | The name of the Fargate profile. | | PodExecutionRole | Amazon.CDK.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | Tags | Amazon.CDK.TagManager | Resource tags. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`FargateProfileArn\`Required \`\`\`csharp public string FargateProfileArn { get; } \`\`\` - *Type:* string The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`FargateProfileName\`Required \`\`\`csharp public string FargateProfileName { get; } \`\`\` - *Type:* string The name of the Fargate profile. --- ##### \`PodExecutionRole\`Required \`\`\`csharp public IRole PodExecutionRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`csharp using Amazon.CDK; new HelmChart(Construct Scope, string Id, HelmChartProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | HelmChartProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* HelmChartProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; HelmChart.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | string | The CloudFormation resource type. | --- ##### \`ResourceType\`Required \`\`\`csharp public string ResourceType { get; } \`\`\` - *Type:* string The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`csharp using Amazon.CDK; new KubernetesManifest(Construct Scope, string Id, KubernetesManifestProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | KubernetesManifestProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* KubernetesManifestProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; KubernetesManifest.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`csharp public string ResourceType { get; } \`\`\` - *Type:* string The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`csharp using Amazon.CDK; new KubernetesObjectValue(Construct Scope, string Id, KubernetesObjectValueProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | KubernetesObjectValueProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* KubernetesObjectValueProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; KubernetesObjectValue.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | Value | string | The value as a string token. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`Value\`Required \`\`\`csharp public string Value { get; } \`\`\` - *Type:* string The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`csharp public string ResourceType { get; } \`\`\` - *Type:* string The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`csharp using Amazon.CDK; new KubernetesPatch(Construct Scope, string Id, KubernetesPatchProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | KubernetesPatchProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* KubernetesPatchProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; KubernetesPatch.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`csharp using Amazon.CDK; new Nodegroup(Construct Scope, string Id, NodegroupProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | NodegroupProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* NodegroupProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromNodegroupName | Import the Nodegroup from attributes. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; Nodegroup.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; Nodegroup.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- ##### \`FromNodegroupName\` \`\`\`csharp using Amazon.CDK; Nodegroup.FromNodegroupName(Construct Scope, string Id, string NodegroupName); \`\`\` Import the Nodegroup from attributes. ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`NodegroupName\`Required - *Type:* string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | Cluster | ICluster | the Amazon EKS cluster resource. | | NodegroupArn | string | ARN of the nodegroup. | | NodegroupName | string | Nodegroup name. | | Role | Amazon.CDK.aws_iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; } \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`NodegroupArn\`Required \`\`\`csharp public string NodegroupArn { get; } \`\`\` - *Type:* string ARN of the nodegroup. --- ##### \`NodegroupName\`Required \`\`\`csharp public string NodegroupName { get; } \`\`\` - *Type:* string Nodegroup name. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`csharp using Amazon.CDK; new OpenIdConnectProvider(Construct Scope, string Id, OpenIdConnectProviderProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | The definition scope. | | Id | string | Construct ID. | | Props | OpenIdConnectProviderProps | Initialization properties. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct The definition scope. --- ##### \`Id\`Required - *Type:* string Construct ID. --- ##### \`Props\`Required - *Type:* OpenIdConnectProviderProps Initialization properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromOpenIdConnectProviderArn | Imports an Open ID connect provider from an ARN. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; OpenIdConnectProvider.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; OpenIdConnectProvider.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- ##### \`FromOpenIdConnectProviderArn\` \`\`\`csharp using Amazon.CDK; OpenIdConnectProvider.FromOpenIdConnectProviderArn(Construct Scope, string Id, string OpenIdConnectProviderArn); \`\`\` Imports an Open ID connect provider from an ARN. ###### \`Scope\`Required - *Type:* Constructs.Construct The definition scope. --- ###### \`Id\`Required - *Type:* string ID of the construct. --- ###### \`OpenIdConnectProviderArn\`Required - *Type:* string the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | OpenIdConnectProviderArn | string | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | OpenIdConnectProviderIssuer | string | The issuer for OIDC Provider. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`OpenIdConnectProviderArn\`Required \`\`\`csharp public string OpenIdConnectProviderArn { get; } \`\`\` - *Type:* string The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`OpenIdConnectProviderIssuer\`Required \`\`\`csharp public string OpenIdConnectProviderIssuer { get; } \`\`\` - *Type:* string The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* Amazon.CDK.aws_iam.IPrincipal Service Account. #### Initializers \`\`\`csharp using Amazon.CDK; new ServiceAccount(Construct Scope, string Id, ServiceAccountProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | ServiceAccountProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* ServiceAccountProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddToPrincipalPolicy | Add to the policy of this principal. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`AddToPrincipalPolicy\` \`\`\`csharp private AddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement Statement) \`\`\` Add to the policy of this principal. ###### \`Statement\`Required - *Type:* Amazon.CDK.aws_iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`csharp using Amazon.CDK; ServiceAccount.IsConstruct(object X); \`\`\` Checks if \`x\` is a construct. ###### \`X\`Required - *Type:* object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | AssumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. | | GrantPrincipal | Amazon.CDK.aws_iam.IPrincipal | The principal to grant permissions to. | | PolicyFragment | Amazon.CDK.aws_iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | Role | Amazon.CDK.aws_iam.IRole | The role which is linked to the service account. | | ServiceAccountName | string | The name of the service account. | | ServiceAccountNamespace | string | The namespace where the service account is located in. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`AssumeRoleAction\`Required \`\`\`csharp public string AssumeRoleAction { get; } \`\`\` - *Type:* string When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`GrantPrincipal\`Required \`\`\`csharp public IPrincipal GrantPrincipal { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IPrincipal The principal to grant permissions to. --- ##### \`PolicyFragment\`Required \`\`\`csharp public PrincipalPolicyFragment PolicyFragment { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole The role which is linked to the service account. --- ##### \`ServiceAccountName\`Required \`\`\`csharp public string ServiceAccountName { get; } \`\`\` - *Type:* string The name of the service account. --- ##### \`ServiceAccountNamespace\`Required \`\`\`csharp public string ServiceAccountNamespace { get; } \`\`\` - *Type:* string The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`csharp using Amazon.CDK; new AutoScalingGroupCapacityOptions { bool AllowAllOutbound = null, bool AssociatePublicIpAddress = null, string AutoScalingGroupName = null, BlockDevice[] BlockDevices = null, Duration Cooldown = null, double DesiredCapacity = null, GroupMetrics[] GroupMetrics = null, HealthCheck HealthCheck = null, bool IgnoreUnmodifiedSizeProperties = null, Monitoring InstanceMonitoring = null, string KeyName = null, double MaxCapacity = null, Duration MaxInstanceLifetime = null, double MinCapacity = null, bool NewInstancesProtectedFromScaleIn = null, NotificationConfiguration[] Notifications = null, Signals Signals = null, string SpotPrice = null, UpdatePolicy UpdatePolicy = null, SubnetSelection VpcSubnets = null, InstanceType InstanceType, bool BootstrapEnabled = null, BootstrapOptions BootstrapOptions = null, MachineImageType MachineImageType = null, bool MapRole = null, bool SpotInterruptHandler = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AllowAllOutbound | bool | Whether the instances can initiate connections to anywhere by default. | | AssociatePublicIpAddress | bool | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | AutoScalingGroupName | string | The name of the Auto Scaling group. | | BlockDevices | Amazon.CDK.aws_autoscaling.BlockDevice[] | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | Cooldown | Amazon.CDK.Duration | Default scaling cooldown for this AutoScalingGroup. | | DesiredCapacity | double | Initial amount of instances in the fleet. | | GroupMetrics | Amazon.CDK.aws_autoscaling.GroupMetrics[] | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | HealthCheck | Amazon.CDK.aws_autoscaling.HealthCheck | Configuration for health checks. | | IgnoreUnmodifiedSizeProperties | bool | If the ASG has scheduled actions, don't reset unchanged group sizes. | | InstanceMonitoring | Amazon.CDK.aws_autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | KeyName | string | Name of SSH keypair to grant access to instances. | | MaxCapacity | double | Maximum number of instances in the fleet. | | MaxInstanceLifetime | Amazon.CDK.Duration | The maximum amount of time that an instance can be in service. | | MinCapacity | double | Minimum number of instances in the fleet. | | NewInstancesProtectedFromScaleIn | bool | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | Notifications | Amazon.CDK.aws_autoscaling.NotificationConfiguration[] | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | Signals | Amazon.CDK.aws_autoscaling.Signals | Configure waiting for signals during deployment. | | SpotPrice | string | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | UpdatePolicy | Amazon.CDK.aws_autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection | Where to place instances within the VPC. | | InstanceType | Amazon.CDK.aws_ec2.InstanceType | Instance type of the instances to start. | | BootstrapEnabled | bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | EKS node bootstrapping options. | | MachineImageType | MachineImageType | Machine image type. | | MapRole | bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`AllowAllOutbound\`Optional \`\`\`csharp public bool AllowAllOutbound { get; set; } \`\`\` - *Type:* bool - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`AssociatePublicIpAddress\`Optional \`\`\`csharp public bool AssociatePublicIpAddress { get; set; } \`\`\` - *Type:* bool - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`AutoScalingGroupName\`Optional \`\`\`csharp public string AutoScalingGroupName { get; set; } \`\`\` - *Type:* string - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`BlockDevices\`Optional \`\`\`csharp public BlockDevice[] BlockDevices { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.BlockDevice[] - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`Cooldown\`Optional \`\`\`csharp public Duration Cooldown { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`DesiredCapacity\`Optional \`\`\`csharp public double DesiredCapacity { get; set; } \`\`\` - *Type:* double - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`GroupMetrics\`Optional \`\`\`csharp public GroupMetrics[] GroupMetrics { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.GroupMetrics[] - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`HealthCheck\`Optional \`\`\`csharp public HealthCheck HealthCheck { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`IgnoreUnmodifiedSizeProperties\`Optional \`\`\`csharp public bool IgnoreUnmodifiedSizeProperties { get; set; } \`\`\` - *Type:* bool - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`InstanceMonitoring\`Optional \`\`\`csharp public Monitoring InstanceMonitoring { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`KeyName\`Optional \`\`\`csharp public string KeyName { get; set; } \`\`\` - *Type:* string - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`MaxCapacity\`Optional \`\`\`csharp public double MaxCapacity { get; set; } \`\`\` - *Type:* double - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`MaxInstanceLifetime\`Optional \`\`\`csharp public Duration MaxInstanceLifetime { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`MinCapacity\`Optional \`\`\`csharp public double MinCapacity { get; set; } \`\`\` - *Type:* double - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`NewInstancesProtectedFromScaleIn\`Optional \`\`\`csharp public bool NewInstancesProtectedFromScaleIn { get; set; } \`\`\` - *Type:* bool - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`Notifications\`Optional \`\`\`csharp public NotificationConfiguration[] Notifications { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.NotificationConfiguration[] - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### \`Signals\`Optional \`\`\`csharp public Signals Signals { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`SpotPrice\`Optional \`\`\`csharp public string SpotPrice { get; set; } \`\`\` - *Type:* string - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`UpdatePolicy\`Optional \`\`\`csharp public UpdatePolicy UpdatePolicy { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`InstanceType\`Required \`\`\`csharp public InstanceType InstanceType { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType Instance type of the instances to start. --- ##### \`BootstrapEnabled\`Optional \`\`\`csharp public bool BootstrapEnabled { get; set; } \`\`\` - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`csharp public BootstrapOptions BootstrapOptions { get; set; } \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`MachineImageType\`Optional \`\`\`csharp public MachineImageType MachineImageType { get; set; } \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`MapRole\`Optional \`\`\`csharp public bool MapRole { get; set; } \`\`\` - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`csharp public bool SpotInterruptHandler { get; set; } \`\`\` - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`csharp using Amazon.CDK; new AutoScalingGroupOptions { bool BootstrapEnabled = null, BootstrapOptions BootstrapOptions = null, MachineImageType MachineImageType = null, bool MapRole = null, bool SpotInterruptHandler = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | BootstrapEnabled | bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | MachineImageType | MachineImageType | Allow options to specify different machine image type. | | MapRole | bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`BootstrapEnabled\`Optional \`\`\`csharp public bool BootstrapEnabled { get; set; } \`\`\` - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`csharp public BootstrapOptions BootstrapOptions { get; set; } \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`MachineImageType\`Optional \`\`\`csharp public MachineImageType MachineImageType { get; set; } \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`MapRole\`Optional \`\`\`csharp public bool MapRole { get; set; } \`\`\` - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`csharp public bool SpotInterruptHandler { get; set; } \`\`\` - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`csharp using Amazon.CDK; new AwsAuthMapping { string[] Groups, string Username = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Groups | string[] | A list of groups within Kubernetes to which the role is mapped. | | Username | string | The user name within Kubernetes to map to the IAM role. | --- ##### \`Groups\`Required \`\`\`csharp public string[] Groups { get; set; } \`\`\` - *Type:* string[] A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`Username\`Optional \`\`\`csharp public string Username { get; set; } \`\`\` - *Type:* string - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`csharp using Amazon.CDK; new AwsAuthProps { Cluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`Cluster\`Required \`\`\`csharp public Cluster Cluster { get; set; } \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`csharp using Amazon.CDK; new BootstrapOptions { string AdditionalArgs = null, double AwsApiRetryAttempts = null, string DnsClusterIp = null, string DockerConfigJson = null, bool EnableDockerBridge = null, string KubeletExtraArgs = null, bool UseMaxPods = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AdditionalArgs | string | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | AwsApiRetryAttempts | double | Number of retry attempts for AWS API call (DescribeCluster). | | DnsClusterIp | string | Overrides the IP address to use for DNS queries within the cluster. | | DockerConfigJson | string | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | EnableDockerBridge | bool | Restores the docker default bridge network. | | KubeletExtraArgs | string | Extra arguments to add to the kubelet. | | UseMaxPods | bool | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`AdditionalArgs\`Optional \`\`\`csharp public string AdditionalArgs { get; set; } \`\`\` - *Type:* string - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`AwsApiRetryAttempts\`Optional \`\`\`csharp public double AwsApiRetryAttempts { get; set; } \`\`\` - *Type:* double - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`DnsClusterIp\`Optional \`\`\`csharp public string DnsClusterIp { get; set; } \`\`\` - *Type:* string - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`DockerConfigJson\`Optional \`\`\`csharp public string DockerConfigJson { get; set; } \`\`\` - *Type:* string - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`EnableDockerBridge\`Optional \`\`\`csharp public bool EnableDockerBridge { get; set; } \`\`\` - *Type:* bool - *Default:* false Restores the docker default bridge network. --- ##### \`KubeletExtraArgs\`Optional \`\`\`csharp public string KubeletExtraArgs { get; set; } \`\`\` - *Type:* string - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. --node - labels;foo = bar , goo = far; \`\`\` ##### \`UseMaxPods\`Optional \`\`\`csharp public bool UseMaxPods { get; set; } \`\`\` - *Type:* bool - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnAddonProps { string AddonName, string ClusterName, string AddonVersion = null, string ResolveConflicts = null, string ServiceAccountRoleArn = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AddonName | string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::EKS::Addon.Tags\`. | --- ##### \`AddonName\`Required \`\`\`csharp public string AddonName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`csharp public string AddonVersion { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`csharp public string ResolveConflicts { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`csharp public string ServiceAccountRoleArn { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnClusterProps { object ResourcesVpcConfig, string RoleArn, object EncryptionConfig = null, object KubernetesNetworkConfig = null, string Name = null, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourcesVpcConfig | object | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | object | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | object | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | string | \`AWS::EKS::Cluster.Name\`. | | Version | string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`ResourcesVpcConfig\`Required \`\`\`csharp public object ResourcesVpcConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`csharp public string RoleArn { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`csharp public object EncryptionConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`csharp public object KubernetesNetworkConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnFargateProfileProps { string ClusterName, string PodExecutionRoleArn, object Selectors, string FargateProfileName = null, string[] Subnets = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | object | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | string[] | \`AWS::EKS::FargateProfile.Subnets\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`csharp public string PodExecutionRoleArn { get; set; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`csharp public object Selectors { get; set; } \`\`\` - *Type:* object \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`csharp public string[] Subnets { get; set; } \`\`\` - *Type:* string[] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnNodegroupProps { string ClusterName, string NodeRole, string[] Subnets, string AmiType = null, string CapacityType = null, double DiskSize = null, object ForceUpdateEnabled = null, string[] InstanceTypes = null, object Labels = null, object LaunchTemplate = null, string NodegroupName = null, string ReleaseVersion = null, object RemoteAccess = null, object ScalingConfig = null, object Tags = null, object Taints = null, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | string | \`AWS::EKS::Nodegroup.ClusterName\`. | | NodeRole | string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | string[] | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | double | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | object | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | string[] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | Labels | object | \`AWS::EKS::Nodegroup.Labels\`. | | LaunchTemplate | object | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | object | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | object | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Tags | object | \`AWS::EKS::Nodegroup.Tags\`. | | Taints | object | \`AWS::EKS::Nodegroup.Taints\`. | | Version | string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`NodeRole\`Required \`\`\`csharp public string NodeRole { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`csharp public string[] Subnets { get; set; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`csharp public string AmiType { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`csharp public string CapacityType { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; set; } \`\`\` - *Type:* double \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`csharp public object ForceUpdateEnabled { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`csharp public string[] InstanceTypes { get; set; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`csharp public object Labels { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`LaunchTemplate\`Optional \`\`\`csharp public object LaunchTemplate { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`csharp public object RemoteAccess { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`csharp public object ScalingConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Tags\`Optional \`\`\`csharp public object Tags { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`Taints\`Optional \`\`\`csharp public object Taints { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`csharp using Amazon.CDK; new ClusterAttributes { string ClusterName, string ClusterCertificateAuthorityData = null, string ClusterEncryptionConfigKeyArn = null, string ClusterEndpoint = null, string ClusterSecurityGroupId = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, string[] KubectlPrivateSubnetIds = null, string KubectlRoleArn = null, string KubectlSecurityGroupId = null, IOpenIdConnectProvider OpenIdConnectProvider = null, bool Prune = null, string[] SecurityGroupIds = null, IVpc Vpc = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | string | The physical name of the Cluster. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The API Server endpoint URL. | | ClusterSecurityGroupId | string | The cluster security group that was created by Amazon EKS for the cluster. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables to use when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnetIds | string[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRoleArn | string | An IAM role with cluster administrator and "system:masters" permissions. | | KubectlSecurityGroupId | string | A security group to use for \`kubectl\` execution. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecurityGroupIds | string[] | Additional security groups associated with this cluster. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string The physical name of the Cluster. --- ##### \`ClusterCertificateAuthorityData\`Optional \`\`\`csharp public string ClusterCertificateAuthorityData { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Optional \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Optional \`\`\`csharp public string ClusterEndpoint { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`ClusterSecurityGroupId\`Optional \`\`\`csharp public string ClusterSecurityGroupId { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnetIds\`Optional \`\`\`csharp public string[] KubectlPrivateSubnetIds { get; set; } \`\`\` - *Type:* string[] - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRoleArn\`Optional \`\`\`csharp public string KubectlRoleArn { get; set; } \`\`\` - *Type:* string - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`KubectlSecurityGroupId\`Optional \`\`\`csharp public string KubectlSecurityGroupId { get; set; } \`\`\` - *Type:* string - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`OpenIdConnectProvider\`Optional \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecurityGroupIds\`Optional \`\`\`csharp public string[] SecurityGroupIds { get; set; } \`\`\` - *Type:* string[] - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`csharp using Amazon.CDK; new ClusterOptions { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null, System.Collections.Generic.IDictionary ClusterHandlerEnvironment = null, CoreDnsComputeType CoreDnsComputeType = null, EndpointAccess EndpointAccess = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, IRole MastersRole = null, bool OutputMastersRoleArn = null, bool PlaceClusterHandlerInVpc = null, bool Prune = null, IKey SecretsEncryptionKey = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables for the kubectl execution. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | Amazon.CDK.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | Amazon.CDK.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary ClusterHandlerEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`csharp public CoreDnsComputeType CoreDnsComputeType { get; set; } \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`csharp public EndpointAccess EndpointAccess { get; set; } \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var layer = new lambda.LayerVersion(this, "kubectl-layer", new Struct { Code = lambda.Code.FromAsset($"{__dirname}/layer.zip") });[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`csharp public IRole MastersRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`csharp public bool OutputMastersRoleArn { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`csharp public bool PlaceClusterHandlerInVpc { get; set; } \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`csharp public IKey SecretsEncryptionKey { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`csharp using Amazon.CDK; new ClusterProps { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null, System.Collections.Generic.IDictionary ClusterHandlerEnvironment = null, CoreDnsComputeType CoreDnsComputeType = null, EndpointAccess EndpointAccess = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, IRole MastersRole = null, bool OutputMastersRoleArn = null, bool PlaceClusterHandlerInVpc = null, bool Prune = null, IKey SecretsEncryptionKey = null, double DefaultCapacity = null, InstanceType DefaultCapacityInstance = null, DefaultCapacityType DefaultCapacityType = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables for the kubectl execution. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | Amazon.CDK.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | Amazon.CDK.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultCapacity | double | Number of instances to allocate as an initial capacity for this cluster. | | DefaultCapacityInstance | Amazon.CDK.aws_ec2.InstanceType | The instance type to use for the default capacity. | | DefaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary ClusterHandlerEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`csharp public CoreDnsComputeType CoreDnsComputeType { get; set; } \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`csharp public EndpointAccess EndpointAccess { get; set; } \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var layer = new lambda.LayerVersion(this, "kubectl-layer", new Struct { Code = lambda.Code.FromAsset($"{__dirname}/layer.zip") });[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`csharp public IRole MastersRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`csharp public bool OutputMastersRoleArn { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`csharp public bool PlaceClusterHandlerInVpc { get; set; } \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`csharp public IKey SecretsEncryptionKey { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultCapacity\`Optional \`\`\`csharp public double DefaultCapacity { get; set; } \`\`\` - *Type:* double - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`DefaultCapacityInstance\`Optional \`\`\`csharp public InstanceType DefaultCapacityInstance { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`DefaultCapacityType\`Optional \`\`\`csharp public DefaultCapacityType DefaultCapacityType { get; set; } \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`csharp using Amazon.CDK; new CommonClusterOptions { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`csharp using Amazon.CDK; new EksOptimizedImageProps { CpuArch CpuArch = null, string KubernetesVersion = null, NodeType NodeType = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | CpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | KubernetesVersion | string | The Kubernetes version to use. | | NodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`CpuArch\`Optional \`\`\`csharp public CpuArch CpuArch { get; set; } \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`KubernetesVersion\`Optional \`\`\`csharp public string KubernetesVersion { get; set; } \`\`\` - *Type:* string - *Default:* The latest version The Kubernetes version to use. --- ##### \`NodeType\`Optional \`\`\`csharp public NodeType NodeType { get; set; } \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new EncryptionConfigProperty { object Provider = null, string[] Resources = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Provider | object | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | Resources | string[] | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`Provider\`Optional \`\`\`csharp public object Provider { get; set; } \`\`\` - *Type:* object \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`Resources\`Optional \`\`\`csharp public string[] Resources { get; set; } \`\`\` - *Type:* string[] \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`csharp using Amazon.CDK; new FargateClusterProps { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null, System.Collections.Generic.IDictionary ClusterHandlerEnvironment = null, CoreDnsComputeType CoreDnsComputeType = null, EndpointAccess EndpointAccess = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, IRole MastersRole = null, bool OutputMastersRoleArn = null, bool PlaceClusterHandlerInVpc = null, bool Prune = null, IKey SecretsEncryptionKey = null, FargateProfileOptions DefaultProfile = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables for the kubectl execution. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | Amazon.CDK.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | Amazon.CDK.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary ClusterHandlerEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`csharp public CoreDnsComputeType CoreDnsComputeType { get; set; } \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`csharp public EndpointAccess EndpointAccess { get; set; } \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var layer = new lambda.LayerVersion(this, "kubectl-layer", new Struct { Code = lambda.Code.FromAsset($"{__dirname}/layer.zip") });[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`csharp public IRole MastersRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`csharp public bool OutputMastersRoleArn { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`csharp public bool PlaceClusterHandlerInVpc { get; set; } \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`csharp public IKey SecretsEncryptionKey { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultProfile\`Optional \`\`\`csharp public FargateProfileOptions DefaultProfile { get; set; } \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`csharp using Amazon.CDK; new FargateProfileOptions { Selector[] Selectors, string FargateProfileName = null, IRole PodExecutionRole = null, SubnetSelection SubnetSelection = null, IVpc Vpc = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | Selector[] | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | string | The name of the Fargate profile. | | PodExecutionRole | Amazon.CDK.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | Amazon.CDK.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`Selectors\`Required \`\`\`csharp public Selector[] Selectors { get; set; } \`\`\` - *Type:* Selector[] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; set; } \`\`\` - *Type:* string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`csharp public IRole PodExecutionRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`csharp public SubnetSelection SubnetSelection { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`csharp using Amazon.CDK; new FargateProfileProps { Selector[] Selectors, string FargateProfileName = null, IRole PodExecutionRole = null, SubnetSelection SubnetSelection = null, IVpc Vpc = null, Cluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | Selector[] | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | string | The name of the Fargate profile. | | PodExecutionRole | Amazon.CDK.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | Amazon.CDK.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | Cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`Selectors\`Required \`\`\`csharp public Selector[] Selectors { get; set; } \`\`\` - *Type:* Selector[] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; set; } \`\`\` - *Type:* string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`csharp public IRole PodExecutionRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`csharp public SubnetSelection SubnetSelection { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`Cluster\`Required \`\`\`csharp public Cluster Cluster { get; set; } \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`csharp using Amazon.CDK; new HelmChartOptions { string Chart, bool CreateNamespace = null, string Namespace = null, string Release = null, string Repository = null, Duration Timeout = null, System.Collections.Generic.IDictionary Values = null, string Version = null, bool Wait = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | string | The name of the chart. | | CreateNamespace | bool | create namespace if not exist. | | Namespace | string | The Kubernetes namespace scope of the requests. | | Release | string | The name of the release. | | Repository | string | The repository which contains the chart. | | Timeout | Amazon.CDK.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | System.Collections.Generic.IDictionary | The values to be used by the chart. | | Version | string | The chart version to install. | | Wait | bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`Chart\`Required \`\`\`csharp public string Chart { get; set; } \`\`\` - *Type:* string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`csharp public bool CreateNamespace { get; set; } \`\`\` - *Type:* bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`csharp public string Release { get; set; } \`\`\` - *Type:* string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`csharp public string Repository { get; set; } \`\`\` - *Type:* string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Values { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`csharp public bool Wait { get; set; } \`\`\` - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`csharp using Amazon.CDK; new HelmChartProps { string Chart, bool CreateNamespace = null, string Namespace = null, string Release = null, string Repository = null, Duration Timeout = null, System.Collections.Generic.IDictionary Values = null, string Version = null, bool Wait = null, ICluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | string | The name of the chart. | | CreateNamespace | bool | create namespace if not exist. | | Namespace | string | The Kubernetes namespace scope of the requests. | | Release | string | The name of the release. | | Repository | string | The repository which contains the chart. | | Timeout | Amazon.CDK.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | System.Collections.Generic.IDictionary | The values to be used by the chart. | | Version | string | The chart version to install. | | Wait | bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | Cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`Chart\`Required \`\`\`csharp public string Chart { get; set; } \`\`\` - *Type:* string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`csharp public bool CreateNamespace { get; set; } \`\`\` - *Type:* bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`csharp public string Release { get; set; } \`\`\` - *Type:* string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`csharp public string Repository { get; set; } \`\`\` - *Type:* string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Values { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`csharp public bool Wait { get; set; } \`\`\` - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesManifestOptions { bool Prune = null, bool SkipValidation = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | bool | A flag to signify if the manifest validation should be skipped. | --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`csharp public bool SkipValidation { get; set; } \`\`\` - *Type:* bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesManifestProps { bool Prune = null, bool SkipValidation = null, ICluster Cluster, System.Collections.Generic.IDictionary[] Manifest, bool Overwrite = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | bool | A flag to signify if the manifest validation should be skipped. | | Cluster | ICluster | The EKS cluster to apply this manifest to. | | Manifest | System.Collections.Generic.IDictionary[] | The manifest to apply. | | Overwrite | bool | Overwrite any existing resources. | --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`csharp public bool SkipValidation { get; set; } \`\`\` - *Type:* bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`Manifest\`Required \`\`\`csharp public System.Collections.Generic.IDictionary[] Manifest { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary[] The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`csharp new [] { new Struct { ApiVersion = "v1", Kind = "Pod", Metadata = new Struct { Name = "mypod" }, Spec = new Struct { Containers = new [] { new Struct { Name = "hello", Image = "paulbouwer/hello-kubernetes:1.5", Ports = new [] { new Struct { ContainerPort = 8080 } } } } } } }; \`\`\` ##### \`Overwrite\`Optional \`\`\`csharp public bool Overwrite { get; set; } \`\`\` - *Type:* bool - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesNetworkConfigProperty { string ServiceIpv4Cidr = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ServiceIpv4Cidr | string | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`ServiceIpv4Cidr\`Optional \`\`\`csharp public string ServiceIpv4Cidr { get; set; } \`\`\` - *Type:* string \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesObjectValueProps { ICluster Cluster, string JsonPath, string ObjectName, string ObjectType, string ObjectNamespace = null, Duration Timeout = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | ICluster | The EKS cluster to fetch attributes from. | | JsonPath | string | JSONPath to the specific value. | | ObjectName | string | The name of the object to query. | | ObjectType | string | The object type to query. | | ObjectNamespace | string | The namespace the object belongs to. | | Timeout | Amazon.CDK.Duration | Timeout for waiting on a value. | --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`JsonPath\`Required \`\`\`csharp public string JsonPath { get; set; } \`\`\` - *Type:* string JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`ObjectName\`Required \`\`\`csharp public string ObjectName { get; set; } \`\`\` - *Type:* string The name of the object to query. --- ##### \`ObjectType\`Required \`\`\`csharp public string ObjectType { get; set; } \`\`\` - *Type:* string The object type to query. (e.g 'service', 'pod'...) --- ##### \`ObjectNamespace\`Optional \`\`\`csharp public string ObjectNamespace { get; set; } \`\`\` - *Type:* string - *Default:* 'default' The namespace the object belongs to. --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesPatchProps { System.Collections.Generic.IDictionary ApplyPatch, ICluster Cluster, string ResourceName, System.Collections.Generic.IDictionary RestorePatch, PatchType PatchType = null, string ResourceNamespace = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ApplyPatch | System.Collections.Generic.IDictionary | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | Cluster | ICluster | The cluster to apply the patch to. | | ResourceName | string | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | RestorePatch | System.Collections.Generic.IDictionary | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | PatchType | PatchType | The patch type to pass to \`kubectl patch\`. | | ResourceNamespace | string | The kubernetes API namespace. | --- ##### \`ApplyPatch\`Required \`\`\`csharp public System.Collections.Generic.IDictionary ApplyPatch { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`ResourceName\`Required \`\`\`csharp public string ResourceName { get; set; } \`\`\` - *Type:* string The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`RestorePatch\`Required \`\`\`csharp public System.Collections.Generic.IDictionary RestorePatch { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`PatchType\`Optional \`\`\`csharp public PatchType PatchType { get; set; } \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`ResourceNamespace\`Optional \`\`\`csharp public string ResourceNamespace { get; set; } \`\`\` - *Type:* string - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`csharp using Amazon.CDK; new LabelProperty { string Key, string Value }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Key | string | \`CfnFargateProfile.LabelProperty.Key\`. | | Value | string | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`Key\`Required \`\`\`csharp public string Key { get; set; } \`\`\` - *Type:* string \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`Value\`Required \`\`\`csharp public string Value { get; set; } \`\`\` - *Type:* string \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`csharp using Amazon.CDK; new LaunchTemplateSpec { string Id, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | string | The Launch template ID. | | Version | string | The launch template version to be used (optional). | --- ##### \`Id\`Required \`\`\`csharp public string Id { get; set; } \`\`\` - *Type:* string The Launch template ID. --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`csharp using Amazon.CDK; new LaunchTemplateSpecificationProperty { string Id = null, string Name = null, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | Name | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | Version | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`Id\`Optional \`\`\`csharp public string Id { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`csharp using Amazon.CDK; new NodegroupOptions { NodegroupAmiType AmiType = null, CapacityType CapacityType = null, double DesiredSize = null, double DiskSize = null, bool ForceUpdate = null, InstanceType[] InstanceTypes = null, System.Collections.Generic.IDictionary Labels = null, LaunchTemplateSpec LaunchTemplateSpec = null, double MaxSize = null, double MinSize = null, string NodegroupName = null, IRole NodeRole = null, string ReleaseVersion = null, NodegroupRemoteAccess RemoteAccess = null, SubnetSelection Subnets = null, System.Collections.Generic.IDictionary Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | double | The current number of worker nodes that the managed node group should maintain. | | DiskSize | double | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceTypes | Amazon.CDK.aws_ec2.InstanceType[] | The instance types to use for your node group. | | Labels | System.Collections.Generic.IDictionary | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | double | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | double | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | string | Name of the Nodegroup. | | NodeRole | Amazon.CDK.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | Amazon.CDK.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | System.Collections.Generic.IDictionary | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`AmiType\`Optional \`\`\`csharp public NodegroupAmiType AmiType { get; set; } \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`csharp public CapacityType CapacityType { get; set; } \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`csharp public double DesiredSize { get; set; } \`\`\` - *Type:* double - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; set; } \`\`\` - *Type:* double - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`csharp public bool ForceUpdate { get; set; } \`\`\` - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`InstanceTypes\`Optional \`\`\`csharp public InstanceType[] InstanceTypes { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType[] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Labels { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`csharp public LaunchTemplateSpec LaunchTemplateSpec { get; set; } \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`csharp public double MaxSize { get; set; } \`\`\` - *Type:* double - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`csharp public double MinSize { get; set; } \`\`\` - *Type:* double - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; set; } \`\`\` - *Type:* string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`csharp public IRole NodeRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; set; } \`\`\` - *Type:* string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`csharp public NodegroupRemoteAccess RemoteAccess { get; set; } \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`csharp public SubnetSelection Subnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Tags { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`csharp using Amazon.CDK; new NodegroupProps { NodegroupAmiType AmiType = null, CapacityType CapacityType = null, double DesiredSize = null, double DiskSize = null, bool ForceUpdate = null, InstanceType[] InstanceTypes = null, System.Collections.Generic.IDictionary Labels = null, LaunchTemplateSpec LaunchTemplateSpec = null, double MaxSize = null, double MinSize = null, string NodegroupName = null, IRole NodeRole = null, string ReleaseVersion = null, NodegroupRemoteAccess RemoteAccess = null, SubnetSelection Subnets = null, System.Collections.Generic.IDictionary Tags = null, ICluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | double | The current number of worker nodes that the managed node group should maintain. | | DiskSize | double | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceTypes | Amazon.CDK.aws_ec2.InstanceType[] | The instance types to use for your node group. | | Labels | System.Collections.Generic.IDictionary | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | double | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | double | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | string | Name of the Nodegroup. | | NodeRole | Amazon.CDK.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | Amazon.CDK.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | System.Collections.Generic.IDictionary | The metadata to apply to the node group to assist with categorization and organization. | | Cluster | ICluster | Cluster resource. | --- ##### \`AmiType\`Optional \`\`\`csharp public NodegroupAmiType AmiType { get; set; } \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`csharp public CapacityType CapacityType { get; set; } \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`csharp public double DesiredSize { get; set; } \`\`\` - *Type:* double - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; set; } \`\`\` - *Type:* double - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`csharp public bool ForceUpdate { get; set; } \`\`\` - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`InstanceTypes\`Optional \`\`\`csharp public InstanceType[] InstanceTypes { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType[] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Labels { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`csharp public LaunchTemplateSpec LaunchTemplateSpec { get; set; } \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`csharp public double MaxSize { get; set; } \`\`\` - *Type:* double - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`csharp public double MinSize { get; set; } \`\`\` - *Type:* double - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; set; } \`\`\` - *Type:* string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`csharp public IRole NodeRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; set; } \`\`\` - *Type:* string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`csharp public NodegroupRemoteAccess RemoteAccess { get; set; } \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`csharp public SubnetSelection Subnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Tags { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`csharp using Amazon.CDK; new NodegroupRemoteAccess { string SshKeyName, ISecurityGroup[] SourceSecurityGroups = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SshKeyName | string | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | SourceSecurityGroups | Amazon.CDK.aws_ec2.ISecurityGroup[] | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`SshKeyName\`Required \`\`\`csharp public string SshKeyName { get; set; } \`\`\` - *Type:* string The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`SourceSecurityGroups\`Optional \`\`\`csharp public ISecurityGroup[] SourceSecurityGroups { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup[] - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`csharp using Amazon.CDK; new OpenIdConnectProviderProps { string Url }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Url | string | The URL of the identity provider. | --- ##### \`Url\`Required \`\`\`csharp public string Url { get; set; } \`\`\` - *Type:* string The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`csharp using Amazon.CDK; new ProviderProperty { string KeyArn = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | KeyArn | string | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`KeyArn\`Optional \`\`\`csharp public string KeyArn { get; set; } \`\`\` - *Type:* string \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`csharp using Amazon.CDK; new RemoteAccessProperty { string Ec2SshKey, string[] SourceSecurityGroups = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Ec2SshKey | string | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | SourceSecurityGroups | string[] | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`Ec2SshKey\`Required \`\`\`csharp public string Ec2SshKey { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`SourceSecurityGroups\`Optional \`\`\`csharp public string[] SourceSecurityGroups { get; set; } \`\`\` - *Type:* string[] \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new ResourcesVpcConfigProperty { string[] SubnetIds, string[] SecurityGroupIds = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SubnetIds | string[] | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | SecurityGroupIds | string[] | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`SubnetIds\`Required \`\`\`csharp public string[] SubnetIds { get; set; } \`\`\` - *Type:* string[] \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`SecurityGroupIds\`Optional \`\`\`csharp public string[] SecurityGroupIds { get; set; } \`\`\` - *Type:* string[] \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new ScalingConfigProperty { double DesiredSize = null, double MaxSize = null, double MinSize = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | DesiredSize | double | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | MaxSize | double | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | MinSize | double | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`DesiredSize\`Optional \`\`\`csharp public double DesiredSize { get; set; } \`\`\` - *Type:* double \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`MaxSize\`Optional \`\`\`csharp public double MaxSize { get; set; } \`\`\` - *Type:* double \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`MinSize\`Optional \`\`\`csharp public double MinSize { get; set; } \`\`\` - *Type:* double \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`csharp using Amazon.CDK; new Selector { string Namespace, System.Collections.Generic.IDictionary Labels = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | string | The Kubernetes namespace that the selector should match. | | Labels | System.Collections.Generic.IDictionary | The Kubernetes labels that the selector should match. | --- ##### \`Namespace\`Required \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`Labels\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Labels { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`csharp using Amazon.CDK; new SelectorProperty { string Namespace, object Labels = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | string | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | Labels | object | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`Namespace\`Required \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`Labels\`Optional \`\`\`csharp public object Labels { get; set; } \`\`\` - *Type:* object \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`csharp using Amazon.CDK; new ServiceAccountOptions { string Name = null, string Namespace = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | string | The name of the service account. | | Namespace | string | The namespace of the service account. | --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`csharp using Amazon.CDK; new ServiceAccountProps { string Name = null, string Namespace = null, ICluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | string | The name of the service account. | | Namespace | string | The namespace of the service account. | | Cluster | ICluster | The cluster to apply the patch to. | --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* "default" The namespace of the service account. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`csharp using Amazon.CDK; new ServiceLoadBalancerAddressOptions { string Namespace = null, Duration Timeout = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | string | The namespace the service belongs to. | | Timeout | Amazon.CDK.Duration | Timeout for waiting on the load balancer address. | --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* 'default' The namespace the service belongs to. --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`csharp using Amazon.CDK; new TaintProperty { string Effect = null, string Key = null, string Value = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Effect | string | \`CfnNodegroup.TaintProperty.Effect\`. | | Key | string | \`CfnNodegroup.TaintProperty.Key\`. | | Value | string | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`Effect\`Optional \`\`\`csharp public string Effect { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`Key\`Optional \`\`\`csharp public string Key { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`Value\`Optional \`\`\`csharp public string Value { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* Amazon.CDK.aws_ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`csharp using Amazon.CDK; new EksOptimizedImage(EksOptimizedImageProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Props | EksOptimizedImageProps | *No description.* | --- ##### \`Props\`Optional - *Type:* EksOptimizedImageProps --- #### Methods | **Name** | **Description** | | --- | --- | | GetImage | Return the correct image. | --- ##### \`GetImage\` \`\`\`csharp private MachineImageConfig GetImage(Construct Scope) \`\`\` Return the correct image. ###### \`Scope\`Required - *Type:* Constructs.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | OnlyFrom | Restrict public access to specific CIDR blocks. | --- ##### \`OnlyFrom\` \`\`\`csharp private EndpointAccess OnlyFrom(string Cidr) \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`Cidr\`Required - *Type:* string CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | Private | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | Public | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PublicAndPrivate | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`Private\`Required \`\`\`csharp public EndpointAccess Private { get; } \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`Public\`Required \`\`\`csharp public EndpointAccess Public { get; } \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PublicAndPrivate\`Required \`\`\`csharp public EndpointAccess PublicAndPrivate { get; } \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | Of | Custom cluster version. | --- ##### \`Of\` \`\`\`csharp using Amazon.CDK; KubernetesVersion.Of(string Version); \`\`\` Custom cluster version. ###### \`Version\`Required - *Type:* string custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | string | cluster version number. | --- ##### \`Version\`Required \`\`\`csharp public string Version { get; } \`\`\` - *Type:* string cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V114 | KubernetesVersion | Kubernetes version 1.14. | | V115 | KubernetesVersion | Kubernetes version 1.15. | | V116 | KubernetesVersion | Kubernetes version 1.16. | | V117 | KubernetesVersion | Kubernetes version 1.17. | | V118 | KubernetesVersion | Kubernetes version 1.18. | | V119 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V114\`Required \`\`\`csharp public KubernetesVersion V114 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V115\`Required \`\`\`csharp public KubernetesVersion V115 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V116\`Required \`\`\`csharp public KubernetesVersion V116 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V117\`Required \`\`\`csharp public KubernetesVersion V117 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V118\`Required \`\`\`csharp public KubernetesVersion V118 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V119\`Required \`\`\`csharp public KubernetesVersion V119 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* Amazon.CDK.IResource, Amazon.CDK.aws_ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`AddCdk8sChart\` \`\`\`csharp private KubernetesManifest AddCdk8sChart(string Id, Construct Chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Chart\`Required - *Type:* Constructs.Construct the cdk8s chart. --- ##### \`AddHelmChart\` \`\`\`csharp private HelmChart AddHelmChart(string Id, HelmChartOptions Options) \`\`\` Defines a Helm chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`csharp private KubernetesManifest AddManifest(string Id, System.Collections.Generic.IDictionary Manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`Id\`Required - *Type:* string logical id of this manifest. --- ###### \`Manifest\`Required - *Type:* System.Collections.Generic.IDictionary a list of Kubernetes resource specifications. --- ##### \`AddServiceAccount\` \`\`\`csharp private ServiceAccount AddServiceAccount(string Id, ServiceAccountOptions Options = null) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`Id\`Required - *Type:* string logical id of service account. --- ###### \`Options\`Optional - *Type:* ServiceAccountOptions service account options. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | Connections | Amazon.CDK.aws_ec2.Connections | *No description.* | | ClusterArn | string | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The API Server endpoint URL. | | ClusterName | string | The physical name of the Cluster. | | ClusterSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | Prune | bool | Indicates whether Kubernetes resources can be automatically pruned. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnets | Amazon.CDK.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | Amazon.CDK.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`Connections\`Required \`\`\`csharp public Connections Connections { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.Connections --- ##### \`ClusterArn\`Required \`\`\`csharp public string ClusterArn { get; } \`\`\` - *Type:* string The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`ClusterCertificateAuthorityData\`Required \`\`\`csharp public string ClusterCertificateAuthorityData { get; } \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`csharp public string ClusterEndpoint { get; } \`\`\` - *Type:* string The API Server endpoint URL. --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string The physical name of the Cluster. --- ##### \`ClusterSecurityGroup\`Required \`\`\`csharp public ISecurityGroup ClusterSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`csharp public string ClusterSecurityGroupId { get; } \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`Prune\`Required \`\`\`csharp public bool Prune { get; } \`\`\` - *Type:* bool Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`Vpc\`Required \`\`\`csharp public IVpc Vpc { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; } \`\`\` - *Type:* System.Collections.Generic.IDictionary Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; } \`\`\` - *Type:* Amazon.CDK.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`csharp public ISubnet[] KubectlPrivateSubnets { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISubnet[] Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRole\`Optional \`\`\`csharp public IRole KubectlRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`csharp public ISecurityGroup KubectlSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* Amazon.CDK.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Constructs.Node | The tree node. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | NodegroupName | string | Name of the nodegroup. | --- ##### \`Node\`Required \`\`\`csharp public Node Node { get; } \`\`\` - *Type:* Constructs.Node The tree node. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`NodegroupName\`Required \`\`\`csharp public string NodegroupName { get; } \`\`\` - *Type:* string Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | SPOT | spot instances. | | ON_DEMAND | on-demand instances. | --- ##### \`SPOT\` spot instances. --- ##### \`ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | EC2 | Deploy CoreDNS on EC2 instances. | | FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | ARM_64 | arm64 CPU type. | | X86_64 | x86_64 CPU type. | --- ##### \`ARM_64\` arm64 CPU type. --- ##### \`X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | NODEGROUP | managed node group. | | EC2 | EC2 autoscaling group. | --- ##### \`NODEGROUP\` managed node group. --- ##### \`EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | AL2_X86_64 | Amazon Linux 2 (x86-64). | | AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | STANDARD | Standard instances. | | GPU | GPU instances. | | INFERENTIA | Inferentia instances. | --- ##### \`STANDARD\` Standard instances. --- ##### \`GPU\` GPU instances. --- ##### \`INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | JSON | JSON Patch, RFC 6902. | | MERGE | JSON Merge patch. | | STRATEGIC | Strategic merge patch. | --- ##### \`JSON\` JSON Patch, RFC 6902. --- ##### \`MERGE\` JSON Merge patch. --- ##### \`STRATEGIC\` Strategic merge patch. --- " `; exports[`csharp snapshot - submodules 2 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`csharp using Amazon.CDK; new AwsAuth(Construct Scope, string Id, AwsAuthProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | AwsAuthProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* AwsAuthProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddAccount | Additional AWS account to add to the aws-auth configmap. | | AddMastersRole | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | AddRoleMapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | AddUserMapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`AddAccount\` \`\`\`csharp private void AddAccount(string AccountId) \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`AccountId\`Required - *Type:* string account number. --- ##### \`AddMastersRole\` \`\`\`csharp private void AddMastersRole(IRole Role, string Username = null) \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`Role\`Required - *Type:* Amazon.CDK.aws_iam.IRole The IAM role to add. --- ###### \`Username\`Optional - *Type:* string Optional user (defaults to the role ARN). --- ##### \`AddRoleMapping\` \`\`\`csharp private void AddRoleMapping(IRole Role, AwsAuthMapping Mapping) \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`Role\`Required - *Type:* Amazon.CDK.aws_iam.IRole The IAM role to map. --- ###### \`Mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- ##### \`AddUserMapping\` \`\`\`csharp private void AddUserMapping(IUser User, AwsAuthMapping Mapping) \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`User\`Required - *Type:* Amazon.CDK.aws_iam.IUser The IAM user to map. --- ###### \`Mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; AwsAuth.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ### CfnAddon - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnAddon(Construct Scope, string Id, CfnAddonProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnAddonProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnAddonProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; CfnAddon.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnAddon.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnAddon.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::EKS::Addon.Tags\`. | | AddonName | string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`AddonName\`Required \`\`\`csharp public string AddonName { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`csharp public string AddonVersion { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`csharp public string ResolveConflicts { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`csharp public string ServiceAccountRoleArn { get; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnCluster(Construct Scope, string Id, CfnClusterProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnClusterProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnClusterProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; CfnCluster.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnCluster.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnCluster.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | AttrCertificateAuthorityData | string | *No description.* | | AttrClusterSecurityGroupId | string | *No description.* | | AttrEncryptionConfigKeyArn | string | *No description.* | | AttrEndpoint | string | *No description.* | | AttrOpenIdConnectIssuerUrl | string | *No description.* | | ResourcesVpcConfig | object | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | object | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | object | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | string | \`AWS::EKS::Cluster.Name\`. | | Version | string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`AttrCertificateAuthorityData\`Required \`\`\`csharp public string AttrCertificateAuthorityData { get; } \`\`\` - *Type:* string --- ##### \`AttrClusterSecurityGroupId\`Required \`\`\`csharp public string AttrClusterSecurityGroupId { get; } \`\`\` - *Type:* string --- ##### \`AttrEncryptionConfigKeyArn\`Required \`\`\`csharp public string AttrEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string --- ##### \`AttrEndpoint\`Required \`\`\`csharp public string AttrEndpoint { get; } \`\`\` - *Type:* string --- ##### \`AttrOpenIdConnectIssuerUrl\`Required \`\`\`csharp public string AttrOpenIdConnectIssuerUrl { get; } \`\`\` - *Type:* string --- ##### \`ResourcesVpcConfig\`Required \`\`\`csharp public object ResourcesVpcConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`csharp public string RoleArn { get; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`csharp public object EncryptionConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`csharp public object KubernetesNetworkConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnFargateProfile(Construct Scope, string Id, CfnFargateProfileProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnFargateProfileProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnFargateProfileProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; CfnFargateProfile.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnFargateProfile.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnFargateProfile.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | ClusterName | string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | object | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | string[] | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`csharp public string PodExecutionRoleArn { get; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`csharp public object Selectors { get; } \`\`\` - *Type:* object \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`csharp public string[] Subnets { get; } \`\`\` - *Type:* string[] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* Amazon.CDK.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`csharp using Amazon.CDK; new CfnNodegroup(Construct Scope, string Id, CfnNodegroupProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Amazon.CDK.Construct | - scope in which this resource is defined. | | Id | string | - scoped id of the resource. | | Props | CfnNodegroupProps | - resource properties. | --- ##### \`Scope\`Required - *Type:* Amazon.CDK.Construct scope in which this resource is defined. --- ##### \`Id\`Required - *Type:* string scoped id of the resource. --- ##### \`Props\`Required - *Type:* CfnNodegroupProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`csharp private void OverrideLogicalId(string NewLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`NewLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`csharp private void AddDeletionOverride(string Path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`Path\`Required - *Type:* string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`csharp private void AddDependsOn(CfnResource Target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`Target\`Required - *Type:* Amazon.CDK.CfnResource --- ##### \`AddMetadata\` \`\`\`csharp private void AddMetadata(string Key, object Value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ###### \`Value\`Required - *Type:* object --- ##### \`AddOverride\` \`\`\`csharp private void AddOverride(string Path, object Value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", new [] { "myattribute" }); cfnResource.AddOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`Path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`Value\`Required - *Type:* object The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`csharp private void AddPropertyDeletionOverride(string PropertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`PropertyPath\`Required - *Type:* string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`csharp private void AddPropertyOverride(string PropertyPath, object Value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`PropertyPath\`Required - *Type:* string The path of the property. --- ###### \`Value\`Required - *Type:* object The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy = null, RemovalPolicyOptions Options = null) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`Policy\`Optional - *Type:* Amazon.CDK.RemovalPolicy --- ###### \`Options\`Optional - *Type:* Amazon.CDK.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`csharp private Reference GetAtt(string AttributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`AttributeName\`Required - *Type:* string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`csharp private object GetMetadata(string Key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`Key\`Required - *Type:* string --- ##### \`Inspect\` \`\`\`csharp private void Inspect(TreeInspector Inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`Inspector\`Required - *Type:* Amazon.CDK.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; CfnNodegroup.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnElement\` \`\`\`csharp using Amazon.CDK; CfnNodegroup.IsCfnElement(object X); \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`X\`Required - *Type:* object --- ##### \`IsCfnResource\` \`\`\`csharp using Amazon.CDK; CfnNodegroup.IsCfnResource(IConstruct Construct); \`\`\` Check whether the given construct is a CfnResource. ###### \`Construct\`Required - *Type:* Constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | CreationStack | string[] | *No description.* | | LogicalId | string | The logical ID for this CloudFormation stack element. | | Stack | Amazon.CDK.Stack | The stack in which this element is defined. | | Ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | Amazon.CDK.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | string | AWS resource type. | | AttrArn | string | *No description.* | | AttrClusterName | string | *No description.* | | AttrNodegroupName | string | *No description.* | | Tags | Amazon.CDK.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | ClusterName | string | \`AWS::EKS::Nodegroup.ClusterName\`. | | Labels | object | \`AWS::EKS::Nodegroup.Labels\`. | | NodeRole | string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | string[] | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | double | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | object | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | string[] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | LaunchTemplate | object | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | object | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | object | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Taints | object | \`AWS::EKS::Nodegroup.Taints\`. | | Version | string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`csharp public string[] CreationStack { get; } \`\`\` - *Type:* string[] --- ##### \`LogicalId\`Required \`\`\`csharp public string LogicalId { get; } \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`csharp public string Ref { get; } \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`csharp public ICfnResourceOptions CfnOptions { get; } \`\`\` - *Type:* Amazon.CDK.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`csharp public string CfnResourceType { get; } \`\`\` - *Type:* string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`csharp public string AttrArn { get; } \`\`\` - *Type:* string --- ##### \`AttrClusterName\`Required \`\`\`csharp public string AttrClusterName { get; } \`\`\` - *Type:* string --- ##### \`AttrNodegroupName\`Required \`\`\`csharp public string AttrNodegroupName { get; } \`\`\` - *Type:* string --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`Labels\`Required \`\`\`csharp public object Labels { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`NodeRole\`Required \`\`\`csharp public string NodeRole { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`csharp public string[] Subnets { get; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`csharp public string AmiType { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`csharp public string CapacityType { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; } \`\`\` - *Type:* double \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`csharp public object ForceUpdateEnabled { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`csharp public string[] InstanceTypes { get; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`LaunchTemplate\`Optional \`\`\`csharp public object LaunchTemplate { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`csharp public object RemoteAccess { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`csharp public object ScalingConfig { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Taints\`Optional \`\`\`csharp public object Taints { get; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`csharp public string CfnResourceTypeName { get; } \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`csharp using Amazon.CDK; new Cluster(Construct Scope, string Id, ClusterProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | a Construct, most likely a cdk.Stack created. | | Id | string | the id of the Construct to create. | | Props | ClusterProps | properties in the IClusterProps interface. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct a Construct, most likely a cdk.Stack created. --- ##### \`Id\`Required - *Type:* string the id of the Construct to create. --- ##### \`Props\`Required - *Type:* ClusterProps properties in the IClusterProps interface. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`csharp private AutoScalingGroup AddAutoScalingGroupCapacity(string Id, AutoScalingGroupCapacityOptions Options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`csharp private KubernetesManifest AddCdk8sChart(string Id, Construct Chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Chart\`Required - *Type:* Constructs.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`csharp private FargateProfile AddFargateProfile(string Id, FargateProfileOptions Options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`Id\`Required - *Type:* string the id of this profile. --- ###### \`Options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`csharp private HelmChart AddHelmChart(string Id, HelmChartOptions Options) \`\`\` Defines a Helm chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`csharp private KubernetesManifest AddManifest(string Id, System.Collections.Generic.IDictionary Manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`Id\`Required - *Type:* string logical id of this manifest. --- ###### \`Manifest\`Required - *Type:* System.Collections.Generic.IDictionary a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`csharp private Nodegroup AddNodegroupCapacity(string Id, NodegroupOptions Options = null) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`Id\`Required - *Type:* string The ID of the nodegroup. --- ###### \`Options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`csharp private ServiceAccount AddServiceAccount(string Id, ServiceAccountOptions Options = null) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`csharp private void ConnectAutoScalingGroupCapacity(AutoScalingGroup AutoScalingGroup, AutoScalingGroupOptions Options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`AutoScalingGroup\`Required - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`Options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`csharp private string GetServiceLoadBalancerAddress(string ServiceName, ServiceLoadBalancerAddressOptions Options = null) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`ServiceName\`Required - *Type:* string The name of the service. --- ###### \`Options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; Cluster.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; Cluster.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`csharp using Amazon.CDK; Cluster.FromClusterAttributes(Construct Scope, string Id, ClusterAttributes Attrs); \`\`\` Import an existing cluster. ###### \`Scope\`Required - *Type:* Constructs.Construct the construct scope, in most cases 'this'. --- ###### \`Id\`Required - *Type:* string the id or name to import as. --- ###### \`Attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | AdminRole | Amazon.CDK.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The endpoint URL for the Cluster. | | ClusterName | string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | Amazon.CDK.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | bool | Determines if Kubernetes resources can be pruned automatically. | | Role | Amazon.CDK.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | Amazon.CDK.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | Amazon.CDK.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | Amazon.CDK.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`csharp public Role AdminRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`csharp public AwsAuth AwsAuth { get; } \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`csharp public string ClusterArn { get; } \`\`\` - *Type:* string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`csharp public string ClusterCertificateAuthorityData { get; } \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`csharp public string ClusterEndpoint { get; } \`\`\` - *Type:* string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuer { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuerUrl { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`csharp public ISecurityGroup ClusterSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`csharp public string ClusterSecurityGroupId { get; } \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`csharp public Connections Connections { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`csharp public bool Prune { get; } \`\`\` - *Type:* bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`csharp public IVpc Vpc { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`csharp public AutoScalingGroup DefaultCapacity { get; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`csharp public Nodegroup DefaultNodegroup { get; } \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; } \`\`\` - *Type:* System.Collections.Generic.IDictionary Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; } \`\`\` - *Type:* Amazon.CDK.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`csharp public ISubnet[] KubectlPrivateSubnets { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISubnet[] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`csharp public IRole KubectlRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`csharp public ISecurityGroup KubectlSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`csharp using Amazon.CDK; new FargateCluster(Construct Scope, string Id, FargateClusterProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | FargateClusterProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* FargateClusterProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`csharp private AutoScalingGroup AddAutoScalingGroupCapacity(string Id, AutoScalingGroupCapacityOptions Options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`csharp private KubernetesManifest AddCdk8sChart(string Id, Construct Chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Chart\`Required - *Type:* Constructs.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`csharp private FargateProfile AddFargateProfile(string Id, FargateProfileOptions Options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`Id\`Required - *Type:* string the id of this profile. --- ###### \`Options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`csharp private HelmChart AddHelmChart(string Id, HelmChartOptions Options) \`\`\` Defines a Helm chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`csharp private KubernetesManifest AddManifest(string Id, System.Collections.Generic.IDictionary Manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`Id\`Required - *Type:* string logical id of this manifest. --- ###### \`Manifest\`Required - *Type:* System.Collections.Generic.IDictionary a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`csharp private Nodegroup AddNodegroupCapacity(string Id, NodegroupOptions Options = null) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`Id\`Required - *Type:* string The ID of the nodegroup. --- ###### \`Options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`csharp private ServiceAccount AddServiceAccount(string Id, ServiceAccountOptions Options = null) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`Id\`Required - *Type:* string --- ###### \`Options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`csharp private void ConnectAutoScalingGroupCapacity(AutoScalingGroup AutoScalingGroup, AutoScalingGroupOptions Options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`AutoScalingGroup\`Required - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`Options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`csharp private string GetServiceLoadBalancerAddress(string ServiceName, ServiceLoadBalancerAddressOptions Options = null) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`ServiceName\`Required - *Type:* string The name of the service. --- ###### \`Options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; FargateCluster.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; FargateCluster.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`csharp using Amazon.CDK; FargateCluster.FromClusterAttributes(Construct Scope, string Id, ClusterAttributes Attrs); \`\`\` Import an existing cluster. ###### \`Scope\`Required - *Type:* Constructs.Construct the construct scope, in most cases 'this'. --- ###### \`Id\`Required - *Type:* string the id or name to import as. --- ###### \`Attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | AdminRole | Amazon.CDK.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The endpoint URL for the Cluster. | | ClusterName | string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | Amazon.CDK.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | bool | Determines if Kubernetes resources can be pruned automatically. | | Role | Amazon.CDK.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | Amazon.CDK.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | Amazon.CDK.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | Amazon.CDK.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`csharp public Role AdminRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`csharp public AwsAuth AwsAuth { get; } \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`csharp public string ClusterArn { get; } \`\`\` - *Type:* string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`csharp public string ClusterCertificateAuthorityData { get; } \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`csharp public string ClusterEndpoint { get; } \`\`\` - *Type:* string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuer { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`csharp public string ClusterOpenIdConnectIssuerUrl { get; } \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`csharp public ISecurityGroup ClusterSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`csharp public string ClusterSecurityGroupId { get; } \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`csharp public Connections Connections { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`csharp public bool Prune { get; } \`\`\` - *Type:* bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`csharp public IVpc Vpc { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`csharp public AutoScalingGroup DefaultCapacity { get; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`csharp public Nodegroup DefaultNodegroup { get; } \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; } \`\`\` - *Type:* System.Collections.Generic.IDictionary Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; } \`\`\` - *Type:* Amazon.CDK.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`csharp public ISubnet[] KubectlPrivateSubnets { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISubnet[] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`csharp public IRole KubectlRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`csharp public ISecurityGroup KubectlSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* Amazon.CDK.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`csharp using Amazon.CDK; new FargateProfile(Construct Scope, string Id, FargateProfileProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | FargateProfileProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* FargateProfileProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; FargateProfile.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | FargateProfileArn | string | The full Amazon Resource Name (ARN) of the Fargate profile. | | FargateProfileName | string | The name of the Fargate profile. | | PodExecutionRole | Amazon.CDK.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | Tags | Amazon.CDK.TagManager | Resource tags. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`FargateProfileArn\`Required \`\`\`csharp public string FargateProfileArn { get; } \`\`\` - *Type:* string The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`FargateProfileName\`Required \`\`\`csharp public string FargateProfileName { get; } \`\`\` - *Type:* string The name of the Fargate profile. --- ##### \`PodExecutionRole\`Required \`\`\`csharp public IRole PodExecutionRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`Tags\`Required \`\`\`csharp public TagManager Tags { get; } \`\`\` - *Type:* Amazon.CDK.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`csharp using Amazon.CDK; new HelmChart(Construct Scope, string Id, HelmChartProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | HelmChartProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* HelmChartProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; HelmChart.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | string | The CloudFormation resource type. | --- ##### \`ResourceType\`Required \`\`\`csharp public string ResourceType { get; } \`\`\` - *Type:* string The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`csharp using Amazon.CDK; new KubernetesManifest(Construct Scope, string Id, KubernetesManifestProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | KubernetesManifestProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* KubernetesManifestProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; KubernetesManifest.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`csharp public string ResourceType { get; } \`\`\` - *Type:* string The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`csharp using Amazon.CDK; new KubernetesObjectValue(Construct Scope, string Id, KubernetesObjectValueProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | KubernetesObjectValueProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* KubernetesObjectValueProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; KubernetesObjectValue.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Value | string | The value as a string token. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Value\`Required \`\`\`csharp public string Value { get; } \`\`\` - *Type:* string The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`csharp public string ResourceType { get; } \`\`\` - *Type:* string The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`csharp using Amazon.CDK; new KubernetesPatch(Construct Scope, string Id, KubernetesPatchProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | KubernetesPatchProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* KubernetesPatchProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; KubernetesPatch.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`csharp using Amazon.CDK; new Nodegroup(Construct Scope, string Id, NodegroupProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | NodegroupProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* NodegroupProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromNodegroupName | Import the Nodegroup from attributes. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; Nodegroup.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; Nodegroup.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- ##### \`FromNodegroupName\` \`\`\`csharp using Amazon.CDK; Nodegroup.FromNodegroupName(Construct Scope, string Id, string NodegroupName); \`\`\` Import the Nodegroup from attributes. ###### \`Scope\`Required - *Type:* Constructs.Construct --- ###### \`Id\`Required - *Type:* string --- ###### \`NodegroupName\`Required - *Type:* string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | Cluster | ICluster | the Amazon EKS cluster resource. | | NodegroupArn | string | ARN of the nodegroup. | | NodegroupName | string | Nodegroup name. | | Role | Amazon.CDK.aws_iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; } \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`NodegroupArn\`Required \`\`\`csharp public string NodegroupArn { get; } \`\`\` - *Type:* string ARN of the nodegroup. --- ##### \`NodegroupName\`Required \`\`\`csharp public string NodegroupName { get; } \`\`\` - *Type:* string Nodegroup name. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`csharp using Amazon.CDK; new OpenIdConnectProvider(Construct Scope, string Id, OpenIdConnectProviderProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | The definition scope. | | Id | string | Construct ID. | | Props | OpenIdConnectProviderProps | Initialization properties. | --- ##### \`Scope\`Required - *Type:* Constructs.Construct The definition scope. --- ##### \`Id\`Required - *Type:* string Construct ID. --- ##### \`Props\`Required - *Type:* OpenIdConnectProviderProps Initialization properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`csharp private void ApplyRemovalPolicy(RemovalPolicy Policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`Policy\`Required - *Type:* Amazon.CDK.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromOpenIdConnectProviderArn | Imports an Open ID connect provider from an ARN. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; OpenIdConnectProvider.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- ##### \`IsResource\` \`\`\`csharp using Amazon.CDK; OpenIdConnectProvider.IsResource(IConstruct Construct); \`\`\` Check whether the given construct is a Resource. ###### \`Construct\`Required - *Type:* Amazon.CDK.IConstruct --- ##### \`FromOpenIdConnectProviderArn\` \`\`\`csharp using Amazon.CDK; OpenIdConnectProvider.FromOpenIdConnectProviderArn(Construct Scope, string Id, string OpenIdConnectProviderArn); \`\`\` Imports an Open ID connect provider from an ARN. ###### \`Scope\`Required - *Type:* Constructs.Construct The definition scope. --- ###### \`Id\`Required - *Type:* string ID of the construct. --- ###### \`OpenIdConnectProviderArn\`Required - *Type:* string the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | OpenIdConnectProviderArn | string | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | OpenIdConnectProviderIssuer | string | The issuer for OIDC Provider. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`OpenIdConnectProviderArn\`Required \`\`\`csharp public string OpenIdConnectProviderArn { get; } \`\`\` - *Type:* string The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`OpenIdConnectProviderIssuer\`Required \`\`\`csharp public string OpenIdConnectProviderIssuer { get; } \`\`\` - *Type:* string The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* Amazon.CDK.aws_iam.IPrincipal Service Account. #### Initializers \`\`\`csharp using Amazon.CDK; new ServiceAccount(Construct Scope, string Id, ServiceAccountProps Props); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Scope | Constructs.Construct | *No description.* | | Id | string | *No description.* | | Props | ServiceAccountProps | *No description.* | --- ##### \`Scope\`Required - *Type:* Constructs.Construct --- ##### \`Id\`Required - *Type:* string --- ##### \`Props\`Required - *Type:* ServiceAccountProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddToPolicy | Add to the policy of this principal. | | AddToPrincipalPolicy | Add to the policy of this principal. | --- ##### \`ToString\` \`\`\`csharp private string ToString() \`\`\` Returns a string representation of this construct. ##### ~~\`AddToPolicy\`~~ \`\`\`csharp private bool AddToPolicy(PolicyStatement Statement) \`\`\` Add to the policy of this principal. ###### \`Statement\`Required - *Type:* Amazon.CDK.aws_iam.PolicyStatement --- ##### \`AddToPrincipalPolicy\` \`\`\`csharp private AddToPrincipalPolicyResult AddToPrincipalPolicy(PolicyStatement Statement) \`\`\` Add to the policy of this principal. ###### \`Statement\`Required - *Type:* Amazon.CDK.aws_iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`csharp using Amazon.CDK; ServiceAccount.IsConstruct(object X); \`\`\` Return whether the given object is a Construct. ###### \`X\`Required - *Type:* object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node associated with this construct. | | AssumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. | | GrantPrincipal | Amazon.CDK.aws_iam.IPrincipal | The principal to grant permissions to. | | PolicyFragment | Amazon.CDK.aws_iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | Role | Amazon.CDK.aws_iam.IRole | The role which is linked to the service account. | | ServiceAccountName | string | The name of the service account. | | ServiceAccountNamespace | string | The namespace where the service account is located in. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node associated with this construct. --- ##### \`AssumeRoleAction\`Required \`\`\`csharp public string AssumeRoleAction { get; } \`\`\` - *Type:* string When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`GrantPrincipal\`Required \`\`\`csharp public IPrincipal GrantPrincipal { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IPrincipal The principal to grant permissions to. --- ##### \`PolicyFragment\`Required \`\`\`csharp public PrincipalPolicyFragment PolicyFragment { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`Role\`Required \`\`\`csharp public IRole Role { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole The role which is linked to the service account. --- ##### \`ServiceAccountName\`Required \`\`\`csharp public string ServiceAccountName { get; } \`\`\` - *Type:* string The name of the service account. --- ##### \`ServiceAccountNamespace\`Required \`\`\`csharp public string ServiceAccountNamespace { get; } \`\`\` - *Type:* string The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`csharp using Amazon.CDK; new AutoScalingGroupCapacityOptions { bool AllowAllOutbound = null, bool AssociatePublicIpAddress = null, string AutoScalingGroupName = null, BlockDevice[] BlockDevices = null, Duration Cooldown = null, double DesiredCapacity = null, GroupMetrics[] GroupMetrics = null, HealthCheck HealthCheck = null, bool IgnoreUnmodifiedSizeProperties = null, Monitoring InstanceMonitoring = null, string KeyName = null, double MaxCapacity = null, Duration MaxInstanceLifetime = null, double MinCapacity = null, bool NewInstancesProtectedFromScaleIn = null, NotificationConfiguration[] Notifications = null, ITopic NotificationsTopic = null, double ReplacingUpdateMinSuccessfulInstancesPercent = null, double ResourceSignalCount = null, Duration ResourceSignalTimeout = null, RollingUpdateConfiguration RollingUpdateConfiguration = null, Signals Signals = null, string SpotPrice = null, UpdatePolicy UpdatePolicy = null, UpdateType UpdateType = null, SubnetSelection VpcSubnets = null, InstanceType InstanceType, bool BootstrapEnabled = null, BootstrapOptions BootstrapOptions = null, MachineImageType MachineImageType = null, bool MapRole = null, bool SpotInterruptHandler = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AllowAllOutbound | bool | Whether the instances can initiate connections to anywhere by default. | | AssociatePublicIpAddress | bool | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | AutoScalingGroupName | string | The name of the Auto Scaling group. | | BlockDevices | Amazon.CDK.aws_autoscaling.BlockDevice[] | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | Cooldown | Amazon.CDK.Duration | Default scaling cooldown for this AutoScalingGroup. | | DesiredCapacity | double | Initial amount of instances in the fleet. | | GroupMetrics | Amazon.CDK.aws_autoscaling.GroupMetrics[] | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | HealthCheck | Amazon.CDK.aws_autoscaling.HealthCheck | Configuration for health checks. | | IgnoreUnmodifiedSizeProperties | bool | If the ASG has scheduled actions, don't reset unchanged group sizes. | | InstanceMonitoring | Amazon.CDK.aws_autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | KeyName | string | Name of SSH keypair to grant access to instances. | | MaxCapacity | double | Maximum number of instances in the fleet. | | MaxInstanceLifetime | Amazon.CDK.Duration | The maximum amount of time that an instance can be in service. | | MinCapacity | double | Minimum number of instances in the fleet. | | NewInstancesProtectedFromScaleIn | bool | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | Notifications | Amazon.CDK.aws_autoscaling.NotificationConfiguration[] | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | NotificationsTopic | Amazon.CDK.aws_sns.ITopic | SNS topic to send notifications about fleet changes. | | ReplacingUpdateMinSuccessfulInstancesPercent | double | Configuration for replacing updates. | | ResourceSignalCount | double | How many ResourceSignal calls CloudFormation expects before the resource is considered created. | | ResourceSignalTimeout | Amazon.CDK.Duration | The length of time to wait for the resourceSignalCount. | | RollingUpdateConfiguration | Amazon.CDK.aws_autoscaling.RollingUpdateConfiguration | Configuration for rolling updates. | | Signals | Amazon.CDK.aws_autoscaling.Signals | Configure waiting for signals during deployment. | | SpotPrice | string | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | UpdatePolicy | Amazon.CDK.aws_autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | UpdateType | Amazon.CDK.aws_autoscaling.UpdateType | What to do when an AutoScalingGroup's instance configuration is changed. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection | Where to place instances within the VPC. | | InstanceType | Amazon.CDK.aws_ec2.InstanceType | Instance type of the instances to start. | | BootstrapEnabled | bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | EKS node bootstrapping options. | | MachineImageType | MachineImageType | Machine image type. | | MapRole | bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`AllowAllOutbound\`Optional \`\`\`csharp public bool AllowAllOutbound { get; set; } \`\`\` - *Type:* bool - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`AssociatePublicIpAddress\`Optional \`\`\`csharp public bool AssociatePublicIpAddress { get; set; } \`\`\` - *Type:* bool - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`AutoScalingGroupName\`Optional \`\`\`csharp public string AutoScalingGroupName { get; set; } \`\`\` - *Type:* string - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`BlockDevices\`Optional \`\`\`csharp public BlockDevice[] BlockDevices { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.BlockDevice[] - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`Cooldown\`Optional \`\`\`csharp public Duration Cooldown { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`DesiredCapacity\`Optional \`\`\`csharp public double DesiredCapacity { get; set; } \`\`\` - *Type:* double - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`GroupMetrics\`Optional \`\`\`csharp public GroupMetrics[] GroupMetrics { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.GroupMetrics[] - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`HealthCheck\`Optional \`\`\`csharp public HealthCheck HealthCheck { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`IgnoreUnmodifiedSizeProperties\`Optional \`\`\`csharp public bool IgnoreUnmodifiedSizeProperties { get; set; } \`\`\` - *Type:* bool - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`InstanceMonitoring\`Optional \`\`\`csharp public Monitoring InstanceMonitoring { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`KeyName\`Optional \`\`\`csharp public string KeyName { get; set; } \`\`\` - *Type:* string - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`MaxCapacity\`Optional \`\`\`csharp public double MaxCapacity { get; set; } \`\`\` - *Type:* double - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`MaxInstanceLifetime\`Optional \`\`\`csharp public Duration MaxInstanceLifetime { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`MinCapacity\`Optional \`\`\`csharp public double MinCapacity { get; set; } \`\`\` - *Type:* double - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`NewInstancesProtectedFromScaleIn\`Optional \`\`\`csharp public bool NewInstancesProtectedFromScaleIn { get; set; } \`\`\` - *Type:* bool - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`Notifications\`Optional \`\`\`csharp public NotificationConfiguration[] Notifications { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.NotificationConfiguration[] - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### ~~\`NotificationsTopic\`~~Optional - *Deprecated:* use \`notifications\` \`\`\`csharp public ITopic NotificationsTopic { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_sns.ITopic - *Default:* No fleet change notifications will be sent. SNS topic to send notifications about fleet changes. --- ##### ~~\`ReplacingUpdateMinSuccessfulInstancesPercent\`~~Optional - *Deprecated:* Use \`signals\` instead \`\`\`csharp public double ReplacingUpdateMinSuccessfulInstancesPercent { get; set; } \`\`\` - *Type:* double - *Default:* minSuccessfulInstancesPercent Configuration for replacing updates. Only used if updateType == UpdateType.ReplacingUpdate. Specifies how many instances must signal success for the update to succeed. --- ##### ~~\`ResourceSignalCount\`~~Optional - *Deprecated:* Use \`signals\` instead. \`\`\`csharp public double ResourceSignalCount { get; set; } \`\`\` - *Type:* double - *Default:* 1 if resourceSignalTimeout is set, 0 otherwise How many ResourceSignal calls CloudFormation expects before the resource is considered created. --- ##### ~~\`ResourceSignalTimeout\`~~Optional - *Deprecated:* Use \`signals\` instead. \`\`\`csharp public Duration ResourceSignalTimeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) if resourceSignalCount is set, N/A otherwise The length of time to wait for the resourceSignalCount. The maximum value is 43200 (12 hours). --- ##### ~~\`RollingUpdateConfiguration\`~~Optional - *Deprecated:* Use \`updatePolicy\` instead \`\`\`csharp public RollingUpdateConfiguration RollingUpdateConfiguration { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.RollingUpdateConfiguration - *Default:* RollingUpdateConfiguration with defaults. Configuration for rolling updates. Only used if updateType == UpdateType.RollingUpdate. --- ##### \`Signals\`Optional \`\`\`csharp public Signals Signals { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`SpotPrice\`Optional \`\`\`csharp public string SpotPrice { get; set; } \`\`\` - *Type:* string - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`UpdatePolicy\`Optional \`\`\`csharp public UpdatePolicy UpdatePolicy { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### ~~\`UpdateType\`~~Optional - *Deprecated:* Use \`updatePolicy\` instead \`\`\`csharp public UpdateType UpdateType { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_autoscaling.UpdateType - *Default:* UpdateType.None What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`InstanceType\`Required \`\`\`csharp public InstanceType InstanceType { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType Instance type of the instances to start. --- ##### \`BootstrapEnabled\`Optional \`\`\`csharp public bool BootstrapEnabled { get; set; } \`\`\` - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`csharp public BootstrapOptions BootstrapOptions { get; set; } \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`MachineImageType\`Optional \`\`\`csharp public MachineImageType MachineImageType { get; set; } \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`MapRole\`Optional \`\`\`csharp public bool MapRole { get; set; } \`\`\` - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`csharp public bool SpotInterruptHandler { get; set; } \`\`\` - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`csharp using Amazon.CDK; new AutoScalingGroupOptions { bool BootstrapEnabled = null, BootstrapOptions BootstrapOptions = null, MachineImageType MachineImageType = null, bool MapRole = null, bool SpotInterruptHandler = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | BootstrapEnabled | bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | MachineImageType | MachineImageType | Allow options to specify different machine image type. | | MapRole | bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`BootstrapEnabled\`Optional \`\`\`csharp public bool BootstrapEnabled { get; set; } \`\`\` - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`csharp public BootstrapOptions BootstrapOptions { get; set; } \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`MachineImageType\`Optional \`\`\`csharp public MachineImageType MachineImageType { get; set; } \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`MapRole\`Optional \`\`\`csharp public bool MapRole { get; set; } \`\`\` - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`csharp public bool SpotInterruptHandler { get; set; } \`\`\` - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`csharp using Amazon.CDK; new AwsAuthMapping { string[] Groups, string Username = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Groups | string[] | A list of groups within Kubernetes to which the role is mapped. | | Username | string | The user name within Kubernetes to map to the IAM role. | --- ##### \`Groups\`Required \`\`\`csharp public string[] Groups { get; set; } \`\`\` - *Type:* string[] A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`Username\`Optional \`\`\`csharp public string Username { get; set; } \`\`\` - *Type:* string - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`csharp using Amazon.CDK; new AwsAuthProps { Cluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`Cluster\`Required \`\`\`csharp public Cluster Cluster { get; set; } \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`csharp using Amazon.CDK; new BootstrapOptions { string AdditionalArgs = null, double AwsApiRetryAttempts = null, string DnsClusterIp = null, string DockerConfigJson = null, bool EnableDockerBridge = null, string KubeletExtraArgs = null, bool UseMaxPods = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AdditionalArgs | string | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | AwsApiRetryAttempts | double | Number of retry attempts for AWS API call (DescribeCluster). | | DnsClusterIp | string | Overrides the IP address to use for DNS queries within the cluster. | | DockerConfigJson | string | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | EnableDockerBridge | bool | Restores the docker default bridge network. | | KubeletExtraArgs | string | Extra arguments to add to the kubelet. | | UseMaxPods | bool | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`AdditionalArgs\`Optional \`\`\`csharp public string AdditionalArgs { get; set; } \`\`\` - *Type:* string - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`AwsApiRetryAttempts\`Optional \`\`\`csharp public double AwsApiRetryAttempts { get; set; } \`\`\` - *Type:* double - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`DnsClusterIp\`Optional \`\`\`csharp public string DnsClusterIp { get; set; } \`\`\` - *Type:* string - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`DockerConfigJson\`Optional \`\`\`csharp public string DockerConfigJson { get; set; } \`\`\` - *Type:* string - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`EnableDockerBridge\`Optional \`\`\`csharp public bool EnableDockerBridge { get; set; } \`\`\` - *Type:* bool - *Default:* false Restores the docker default bridge network. --- ##### \`KubeletExtraArgs\`Optional \`\`\`csharp public string KubeletExtraArgs { get; set; } \`\`\` - *Type:* string - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. --node - labels;foo = bar , goo = far; \`\`\` ##### \`UseMaxPods\`Optional \`\`\`csharp public bool UseMaxPods { get; set; } \`\`\` - *Type:* bool - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnAddonProps { string AddonName, string ClusterName, string AddonVersion = null, string ResolveConflicts = null, string ServiceAccountRoleArn = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AddonName | string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::EKS::Addon.Tags\`. | --- ##### \`AddonName\`Required \`\`\`csharp public string AddonName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`csharp public string AddonVersion { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`csharp public string ResolveConflicts { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`csharp public string ServiceAccountRoleArn { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnClusterProps { object ResourcesVpcConfig, string RoleArn, object EncryptionConfig = null, object KubernetesNetworkConfig = null, string Name = null, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourcesVpcConfig | object | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | object | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | object | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | string | \`AWS::EKS::Cluster.Name\`. | | Version | string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`ResourcesVpcConfig\`Required \`\`\`csharp public object ResourcesVpcConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`csharp public string RoleArn { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`csharp public object EncryptionConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`csharp public object KubernetesNetworkConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnFargateProfileProps { string ClusterName, string PodExecutionRoleArn, object Selectors, string FargateProfileName = null, string[] Subnets = null, CfnTag[] Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | object | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | string[] | \`AWS::EKS::FargateProfile.Subnets\`. | | Tags | Amazon.CDK.CfnTag[] | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`csharp public string PodExecutionRoleArn { get; set; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`csharp public object Selectors { get; set; } \`\`\` - *Type:* object \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`csharp public string[] Subnets { get; set; } \`\`\` - *Type:* string[] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`Tags\`Optional \`\`\`csharp public CfnTag[] Tags { get; set; } \`\`\` - *Type:* Amazon.CDK.CfnTag[] \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`csharp using Amazon.CDK; new CfnNodegroupProps { string ClusterName, string NodeRole, string[] Subnets, string AmiType = null, string CapacityType = null, double DiskSize = null, object ForceUpdateEnabled = null, string[] InstanceTypes = null, object Labels = null, object LaunchTemplate = null, string NodegroupName = null, string ReleaseVersion = null, object RemoteAccess = null, object ScalingConfig = null, object Tags = null, object Taints = null, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | string | \`AWS::EKS::Nodegroup.ClusterName\`. | | NodeRole | string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | string[] | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | double | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | object | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | string[] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | Labels | object | \`AWS::EKS::Nodegroup.Labels\`. | | LaunchTemplate | object | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | object | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | object | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Tags | object | \`AWS::EKS::Nodegroup.Tags\`. | | Taints | object | \`AWS::EKS::Nodegroup.Taints\`. | | Version | string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`NodeRole\`Required \`\`\`csharp public string NodeRole { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`csharp public string[] Subnets { get; set; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`csharp public string AmiType { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`csharp public string CapacityType { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; set; } \`\`\` - *Type:* double \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`csharp public object ForceUpdateEnabled { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`csharp public string[] InstanceTypes { get; set; } \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`csharp public object Labels { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`LaunchTemplate\`Optional \`\`\`csharp public object LaunchTemplate { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`csharp public object RemoteAccess { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`csharp public object ScalingConfig { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Tags\`Optional \`\`\`csharp public object Tags { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`Taints\`Optional \`\`\`csharp public object Taints { get; set; } \`\`\` - *Type:* object \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`csharp using Amazon.CDK; new ClusterAttributes { string ClusterName, string ClusterCertificateAuthorityData = null, string ClusterEncryptionConfigKeyArn = null, string ClusterEndpoint = null, string ClusterSecurityGroupId = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, string[] KubectlPrivateSubnetIds = null, string KubectlRoleArn = null, string KubectlSecurityGroupId = null, IOpenIdConnectProvider OpenIdConnectProvider = null, bool Prune = null, string[] SecurityGroupIds = null, IVpc Vpc = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | string | The physical name of the Cluster. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The API Server endpoint URL. | | ClusterSecurityGroupId | string | The cluster security group that was created by Amazon EKS for the cluster. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables to use when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnetIds | string[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRoleArn | string | An IAM role with cluster administrator and "system:masters" permissions. | | KubectlSecurityGroupId | string | A security group to use for \`kubectl\` execution. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecurityGroupIds | string[] | Additional security groups associated with this cluster. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string The physical name of the Cluster. --- ##### \`ClusterCertificateAuthorityData\`Optional \`\`\`csharp public string ClusterCertificateAuthorityData { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Optional \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Optional \`\`\`csharp public string ClusterEndpoint { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`ClusterSecurityGroupId\`Optional \`\`\`csharp public string ClusterSecurityGroupId { get; set; } \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnetIds\`Optional \`\`\`csharp public string[] KubectlPrivateSubnetIds { get; set; } \`\`\` - *Type:* string[] - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRoleArn\`Optional \`\`\`csharp public string KubectlRoleArn { get; set; } \`\`\` - *Type:* string - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`KubectlSecurityGroupId\`Optional \`\`\`csharp public string KubectlSecurityGroupId { get; set; } \`\`\` - *Type:* string - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`OpenIdConnectProvider\`Optional \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecurityGroupIds\`Optional \`\`\`csharp public string[] SecurityGroupIds { get; set; } \`\`\` - *Type:* string[] - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`csharp using Amazon.CDK; new ClusterOptions { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null, System.Collections.Generic.IDictionary ClusterHandlerEnvironment = null, CoreDnsComputeType CoreDnsComputeType = null, EndpointAccess EndpointAccess = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, IRole MastersRole = null, bool OutputMastersRoleArn = null, bool PlaceClusterHandlerInVpc = null, bool Prune = null, IKey SecretsEncryptionKey = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables for the kubectl execution. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | Amazon.CDK.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | Amazon.CDK.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary ClusterHandlerEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`csharp public CoreDnsComputeType CoreDnsComputeType { get; set; } \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`csharp public EndpointAccess EndpointAccess { get; set; } \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var layer = new lambda.LayerVersion(this, "kubectl-layer", new Struct { Code = lambda.Code.FromAsset($"{__dirname}/layer.zip") });[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`csharp public IRole MastersRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`csharp public bool OutputMastersRoleArn { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`csharp public bool PlaceClusterHandlerInVpc { get; set; } \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`csharp public IKey SecretsEncryptionKey { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`csharp using Amazon.CDK; new ClusterProps { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null, System.Collections.Generic.IDictionary ClusterHandlerEnvironment = null, CoreDnsComputeType CoreDnsComputeType = null, EndpointAccess EndpointAccess = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, IRole MastersRole = null, bool OutputMastersRoleArn = null, bool PlaceClusterHandlerInVpc = null, bool Prune = null, IKey SecretsEncryptionKey = null, double DefaultCapacity = null, InstanceType DefaultCapacityInstance = null, DefaultCapacityType DefaultCapacityType = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables for the kubectl execution. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | Amazon.CDK.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | Amazon.CDK.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultCapacity | double | Number of instances to allocate as an initial capacity for this cluster. | | DefaultCapacityInstance | Amazon.CDK.aws_ec2.InstanceType | The instance type to use for the default capacity. | | DefaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary ClusterHandlerEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`csharp public CoreDnsComputeType CoreDnsComputeType { get; set; } \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`csharp public EndpointAccess EndpointAccess { get; set; } \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var layer = new lambda.LayerVersion(this, "kubectl-layer", new Struct { Code = lambda.Code.FromAsset($"{__dirname}/layer.zip") });[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`csharp public IRole MastersRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`csharp public bool OutputMastersRoleArn { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`csharp public bool PlaceClusterHandlerInVpc { get; set; } \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`csharp public IKey SecretsEncryptionKey { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultCapacity\`Optional \`\`\`csharp public double DefaultCapacity { get; set; } \`\`\` - *Type:* double - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`DefaultCapacityInstance\`Optional \`\`\`csharp public InstanceType DefaultCapacityInstance { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`DefaultCapacityType\`Optional \`\`\`csharp public DefaultCapacityType DefaultCapacityType { get; set; } \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`csharp using Amazon.CDK; new CommonClusterOptions { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`csharp using Amazon.CDK; new EksOptimizedImageProps { CpuArch CpuArch = null, string KubernetesVersion = null, NodeType NodeType = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | CpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | KubernetesVersion | string | The Kubernetes version to use. | | NodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`CpuArch\`Optional \`\`\`csharp public CpuArch CpuArch { get; set; } \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`KubernetesVersion\`Optional \`\`\`csharp public string KubernetesVersion { get; set; } \`\`\` - *Type:* string - *Default:* The latest version The Kubernetes version to use. --- ##### \`NodeType\`Optional \`\`\`csharp public NodeType NodeType { get; set; } \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new EncryptionConfigProperty { object Provider = null, string[] Resources = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Provider | object | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | Resources | string[] | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`Provider\`Optional \`\`\`csharp public object Provider { get; set; } \`\`\` - *Type:* object \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`Resources\`Optional \`\`\`csharp public string[] Resources { get; set; } \`\`\` - *Type:* string[] \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`csharp using Amazon.CDK; new FargateClusterProps { KubernetesVersion Version, string ClusterName = null, bool OutputClusterName = null, bool OutputConfigCommand = null, IRole Role = null, ISecurityGroup SecurityGroup = null, IVpc Vpc = null, SubnetSelection[] VpcSubnets = null, System.Collections.Generic.IDictionary ClusterHandlerEnvironment = null, CoreDnsComputeType CoreDnsComputeType = null, EndpointAccess EndpointAccess = null, System.Collections.Generic.IDictionary KubectlEnvironment = null, ILayerVersion KubectlLayer = null, Size KubectlMemory = null, IRole MastersRole = null, bool OutputMastersRoleArn = null, bool PlaceClusterHandlerInVpc = null, bool Prune = null, IKey SecretsEncryptionKey = null, FargateProfileOptions DefaultProfile = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | string | Name for the cluster. | | OutputClusterName | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | Amazon.CDK.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | Amazon.CDK.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Environment variables for the kubectl execution. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | Amazon.CDK.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | Amazon.CDK.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`Version\`Required \`\`\`csharp public KubernetesVersion Version { get; set; } \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`csharp public string ClusterName { get; set; } \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`csharp public bool OutputClusterName { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`csharp public bool OutputConfigCommand { get; set; } \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`csharp public IRole Role { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`csharp public ISecurityGroup SecurityGroup { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`csharp public SubnetSelection[] VpcSubnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary ClusterHandlerEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`csharp public CoreDnsComputeType CoreDnsComputeType { get; set; } \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`csharp public EndpointAccess EndpointAccess { get; set; } \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`csharp // Example automatically generated from non-compiling source. May contain errors. var layer = new lambda.LayerVersion(this, "kubectl-layer", new Struct { Code = lambda.Code.FromAsset($"{__dirname}/layer.zip") });[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; set; } \`\`\` - *Type:* Amazon.CDK.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`csharp public IRole MastersRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`csharp public bool OutputMastersRoleArn { get; set; } \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`csharp public bool PlaceClusterHandlerInVpc { get; set; } \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`csharp public IKey SecretsEncryptionKey { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultProfile\`Optional \`\`\`csharp public FargateProfileOptions DefaultProfile { get; set; } \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`csharp using Amazon.CDK; new FargateProfileOptions { Selector[] Selectors, string FargateProfileName = null, IRole PodExecutionRole = null, SubnetSelection SubnetSelection = null, IVpc Vpc = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | Selector[] | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | string | The name of the Fargate profile. | | PodExecutionRole | Amazon.CDK.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | Amazon.CDK.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`Selectors\`Required \`\`\`csharp public Selector[] Selectors { get; set; } \`\`\` - *Type:* Selector[] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; set; } \`\`\` - *Type:* string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`csharp public IRole PodExecutionRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`csharp public SubnetSelection SubnetSelection { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`csharp using Amazon.CDK; new FargateProfileProps { Selector[] Selectors, string FargateProfileName = null, IRole PodExecutionRole = null, SubnetSelection SubnetSelection = null, IVpc Vpc = null, Cluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | Selector[] | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | string | The name of the Fargate profile. | | PodExecutionRole | Amazon.CDK.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | Amazon.CDK.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | Cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`Selectors\`Required \`\`\`csharp public Selector[] Selectors { get; set; } \`\`\` - *Type:* Selector[] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`csharp public string FargateProfileName { get; set; } \`\`\` - *Type:* string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`csharp public IRole PodExecutionRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`csharp public SubnetSelection SubnetSelection { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`csharp public IVpc Vpc { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`Cluster\`Required \`\`\`csharp public Cluster Cluster { get; set; } \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`csharp using Amazon.CDK; new HelmChartOptions { string Chart, bool CreateNamespace = null, string Namespace = null, string Release = null, string Repository = null, Duration Timeout = null, System.Collections.Generic.IDictionary Values = null, string Version = null, bool Wait = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | string | The name of the chart. | | CreateNamespace | bool | create namespace if not exist. | | Namespace | string | The Kubernetes namespace scope of the requests. | | Release | string | The name of the release. | | Repository | string | The repository which contains the chart. | | Timeout | Amazon.CDK.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | System.Collections.Generic.IDictionary | The values to be used by the chart. | | Version | string | The chart version to install. | | Wait | bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`Chart\`Required \`\`\`csharp public string Chart { get; set; } \`\`\` - *Type:* string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`csharp public bool CreateNamespace { get; set; } \`\`\` - *Type:* bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`csharp public string Release { get; set; } \`\`\` - *Type:* string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`csharp public string Repository { get; set; } \`\`\` - *Type:* string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Values { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`csharp public bool Wait { get; set; } \`\`\` - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`csharp using Amazon.CDK; new HelmChartProps { string Chart, bool CreateNamespace = null, string Namespace = null, string Release = null, string Repository = null, Duration Timeout = null, System.Collections.Generic.IDictionary Values = null, string Version = null, bool Wait = null, ICluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | string | The name of the chart. | | CreateNamespace | bool | create namespace if not exist. | | Namespace | string | The Kubernetes namespace scope of the requests. | | Release | string | The name of the release. | | Repository | string | The repository which contains the chart. | | Timeout | Amazon.CDK.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | System.Collections.Generic.IDictionary | The values to be used by the chart. | | Version | string | The chart version to install. | | Wait | bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | Cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`Chart\`Required \`\`\`csharp public string Chart { get; set; } \`\`\` - *Type:* string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`csharp public bool CreateNamespace { get; set; } \`\`\` - *Type:* bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`csharp public string Release { get; set; } \`\`\` - *Type:* string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`csharp public string Repository { get; set; } \`\`\` - *Type:* string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Values { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`csharp public bool Wait { get; set; } \`\`\` - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesManifestOptions { bool Prune = null, bool SkipValidation = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | bool | A flag to signify if the manifest validation should be skipped. | --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`csharp public bool SkipValidation { get; set; } \`\`\` - *Type:* bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesManifestProps { bool Prune = null, bool SkipValidation = null, ICluster Cluster, System.Collections.Generic.IDictionary[] Manifest, bool Overwrite = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | bool | A flag to signify if the manifest validation should be skipped. | | Cluster | ICluster | The EKS cluster to apply this manifest to. | | Manifest | System.Collections.Generic.IDictionary[] | The manifest to apply. | | Overwrite | bool | Overwrite any existing resources. | --- ##### \`Prune\`Optional \`\`\`csharp public bool Prune { get; set; } \`\`\` - *Type:* bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`csharp public bool SkipValidation { get; set; } \`\`\` - *Type:* bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`Manifest\`Required \`\`\`csharp public System.Collections.Generic.IDictionary[] Manifest { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary[] The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`csharp new [] { new Struct { ApiVersion = "v1", Kind = "Pod", Metadata = new Struct { Name = "mypod" }, Spec = new Struct { Containers = new [] { new Struct { Name = "hello", Image = "paulbouwer/hello-kubernetes:1.5", Ports = new [] { new Struct { ContainerPort = 8080 } } } } } } }; \`\`\` ##### \`Overwrite\`Optional \`\`\`csharp public bool Overwrite { get; set; } \`\`\` - *Type:* bool - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesNetworkConfigProperty { string ServiceIpv4Cidr = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ServiceIpv4Cidr | string | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`ServiceIpv4Cidr\`Optional \`\`\`csharp public string ServiceIpv4Cidr { get; set; } \`\`\` - *Type:* string \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesObjectValueProps { ICluster Cluster, string JsonPath, string ObjectName, string ObjectType, string ObjectNamespace = null, Duration Timeout = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | ICluster | The EKS cluster to fetch attributes from. | | JsonPath | string | JSONPath to the specific value. | | ObjectName | string | The name of the object to query. | | ObjectType | string | The object type to query. | | ObjectNamespace | string | The namespace the object belongs to. | | Timeout | Amazon.CDK.Duration | Timeout for waiting on a value. | --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`JsonPath\`Required \`\`\`csharp public string JsonPath { get; set; } \`\`\` - *Type:* string JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`ObjectName\`Required \`\`\`csharp public string ObjectName { get; set; } \`\`\` - *Type:* string The name of the object to query. --- ##### \`ObjectType\`Required \`\`\`csharp public string ObjectType { get; set; } \`\`\` - *Type:* string The object type to query. (e.g 'service', 'pod'...) --- ##### \`ObjectNamespace\`Optional \`\`\`csharp public string ObjectNamespace { get; set; } \`\`\` - *Type:* string - *Default:* 'default' The namespace the object belongs to. --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`csharp using Amazon.CDK; new KubernetesPatchProps { System.Collections.Generic.IDictionary ApplyPatch, ICluster Cluster, string ResourceName, System.Collections.Generic.IDictionary RestorePatch, PatchType PatchType = null, string ResourceNamespace = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ApplyPatch | System.Collections.Generic.IDictionary | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | Cluster | ICluster | The cluster to apply the patch to. | | ResourceName | string | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | RestorePatch | System.Collections.Generic.IDictionary | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | PatchType | PatchType | The patch type to pass to \`kubectl patch\`. | | ResourceNamespace | string | The kubernetes API namespace. | --- ##### \`ApplyPatch\`Required \`\`\`csharp public System.Collections.Generic.IDictionary ApplyPatch { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`ResourceName\`Required \`\`\`csharp public string ResourceName { get; set; } \`\`\` - *Type:* string The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`RestorePatch\`Required \`\`\`csharp public System.Collections.Generic.IDictionary RestorePatch { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`PatchType\`Optional \`\`\`csharp public PatchType PatchType { get; set; } \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`ResourceNamespace\`Optional \`\`\`csharp public string ResourceNamespace { get; set; } \`\`\` - *Type:* string - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`csharp using Amazon.CDK; new LabelProperty { string Key, string Value }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Key | string | \`CfnFargateProfile.LabelProperty.Key\`. | | Value | string | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`Key\`Required \`\`\`csharp public string Key { get; set; } \`\`\` - *Type:* string \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`Value\`Required \`\`\`csharp public string Value { get; set; } \`\`\` - *Type:* string \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`csharp using Amazon.CDK; new LaunchTemplateSpec { string Id, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | string | The Launch template ID. | | Version | string | The launch template version to be used (optional). | --- ##### \`Id\`Required \`\`\`csharp public string Id { get; set; } \`\`\` - *Type:* string The Launch template ID. --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`csharp using Amazon.CDK; new LaunchTemplateSpecificationProperty { string Id = null, string Name = null, string Version = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | Name | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | Version | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`Id\`Optional \`\`\`csharp public string Id { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`Version\`Optional \`\`\`csharp public string Version { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`csharp using Amazon.CDK; new NodegroupOptions { NodegroupAmiType AmiType = null, CapacityType CapacityType = null, double DesiredSize = null, double DiskSize = null, bool ForceUpdate = null, InstanceType InstanceType = null, InstanceType[] InstanceTypes = null, System.Collections.Generic.IDictionary Labels = null, LaunchTemplateSpec LaunchTemplateSpec = null, double MaxSize = null, double MinSize = null, string NodegroupName = null, IRole NodeRole = null, string ReleaseVersion = null, NodegroupRemoteAccess RemoteAccess = null, SubnetSelection Subnets = null, System.Collections.Generic.IDictionary Tags = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | double | The current number of worker nodes that the managed node group should maintain. | | DiskSize | double | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceType | Amazon.CDK.aws_ec2.InstanceType | The instance type to use for your node group. | | InstanceTypes | Amazon.CDK.aws_ec2.InstanceType[] | The instance types to use for your node group. | | Labels | System.Collections.Generic.IDictionary | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | double | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | double | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | string | Name of the Nodegroup. | | NodeRole | Amazon.CDK.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | Amazon.CDK.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | System.Collections.Generic.IDictionary | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`AmiType\`Optional \`\`\`csharp public NodegroupAmiType AmiType { get; set; } \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`csharp public CapacityType CapacityType { get; set; } \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`csharp public double DesiredSize { get; set; } \`\`\` - *Type:* double - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; set; } \`\`\` - *Type:* double - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`csharp public bool ForceUpdate { get; set; } \`\`\` - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### ~~\`InstanceType\`~~Optional - *Deprecated:* Use \`instanceTypes\` instead. \`\`\`csharp public InstanceType InstanceType { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType - *Default:* t3.medium The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is \`t3.medium\`. If you choose a GPU instance type, be sure to specify the \`AL2_x86_64_GPU\` with the amiType parameter. --- ##### \`InstanceTypes\`Optional \`\`\`csharp public InstanceType[] InstanceTypes { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType[] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Labels { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`csharp public LaunchTemplateSpec LaunchTemplateSpec { get; set; } \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`csharp public double MaxSize { get; set; } \`\`\` - *Type:* double - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`csharp public double MinSize { get; set; } \`\`\` - *Type:* double - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; set; } \`\`\` - *Type:* string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`csharp public IRole NodeRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; set; } \`\`\` - *Type:* string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`csharp public NodegroupRemoteAccess RemoteAccess { get; set; } \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`csharp public SubnetSelection Subnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Tags { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`csharp using Amazon.CDK; new NodegroupProps { NodegroupAmiType AmiType = null, CapacityType CapacityType = null, double DesiredSize = null, double DiskSize = null, bool ForceUpdate = null, InstanceType InstanceType = null, InstanceType[] InstanceTypes = null, System.Collections.Generic.IDictionary Labels = null, LaunchTemplateSpec LaunchTemplateSpec = null, double MaxSize = null, double MinSize = null, string NodegroupName = null, IRole NodeRole = null, string ReleaseVersion = null, NodegroupRemoteAccess RemoteAccess = null, SubnetSelection Subnets = null, System.Collections.Generic.IDictionary Tags = null, ICluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | double | The current number of worker nodes that the managed node group should maintain. | | DiskSize | double | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceType | Amazon.CDK.aws_ec2.InstanceType | The instance type to use for your node group. | | InstanceTypes | Amazon.CDK.aws_ec2.InstanceType[] | The instance types to use for your node group. | | Labels | System.Collections.Generic.IDictionary | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | double | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | double | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | string | Name of the Nodegroup. | | NodeRole | Amazon.CDK.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | Amazon.CDK.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | System.Collections.Generic.IDictionary | The metadata to apply to the node group to assist with categorization and organization. | | Cluster | ICluster | Cluster resource. | --- ##### \`AmiType\`Optional \`\`\`csharp public NodegroupAmiType AmiType { get; set; } \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`csharp public CapacityType CapacityType { get; set; } \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`csharp public double DesiredSize { get; set; } \`\`\` - *Type:* double - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`csharp public double DiskSize { get; set; } \`\`\` - *Type:* double - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`csharp public bool ForceUpdate { get; set; } \`\`\` - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### ~~\`InstanceType\`~~Optional - *Deprecated:* Use \`instanceTypes\` instead. \`\`\`csharp public InstanceType InstanceType { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType - *Default:* t3.medium The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is \`t3.medium\`. If you choose a GPU instance type, be sure to specify the \`AL2_x86_64_GPU\` with the amiType parameter. --- ##### \`InstanceTypes\`Optional \`\`\`csharp public InstanceType[] InstanceTypes { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.InstanceType[] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Labels { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`csharp public LaunchTemplateSpec LaunchTemplateSpec { get; set; } \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`csharp public double MaxSize { get; set; } \`\`\` - *Type:* double - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`csharp public double MinSize { get; set; } \`\`\` - *Type:* double - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`csharp public string NodegroupName { get; set; } \`\`\` - *Type:* string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`csharp public IRole NodeRole { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`csharp public string ReleaseVersion { get; set; } \`\`\` - *Type:* string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`csharp public NodegroupRemoteAccess RemoteAccess { get; set; } \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`csharp public SubnetSelection Subnets { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Tags { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`csharp using Amazon.CDK; new NodegroupRemoteAccess { string SshKeyName, ISecurityGroup[] SourceSecurityGroups = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SshKeyName | string | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | SourceSecurityGroups | Amazon.CDK.aws_ec2.ISecurityGroup[] | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`SshKeyName\`Required \`\`\`csharp public string SshKeyName { get; set; } \`\`\` - *Type:* string The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`SourceSecurityGroups\`Optional \`\`\`csharp public ISecurityGroup[] SourceSecurityGroups { get; set; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup[] - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`csharp using Amazon.CDK; new OpenIdConnectProviderProps { string Url }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Url | string | The URL of the identity provider. | --- ##### \`Url\`Required \`\`\`csharp public string Url { get; set; } \`\`\` - *Type:* string The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`csharp using Amazon.CDK; new ProviderProperty { string KeyArn = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | KeyArn | string | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`KeyArn\`Optional \`\`\`csharp public string KeyArn { get; set; } \`\`\` - *Type:* string \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`csharp using Amazon.CDK; new RemoteAccessProperty { string Ec2SshKey, string[] SourceSecurityGroups = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Ec2SshKey | string | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | SourceSecurityGroups | string[] | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`Ec2SshKey\`Required \`\`\`csharp public string Ec2SshKey { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`SourceSecurityGroups\`Optional \`\`\`csharp public string[] SourceSecurityGroups { get; set; } \`\`\` - *Type:* string[] \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new ResourcesVpcConfigProperty { string[] SubnetIds, string[] SecurityGroupIds = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SubnetIds | string[] | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | SecurityGroupIds | string[] | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`SubnetIds\`Required \`\`\`csharp public string[] SubnetIds { get; set; } \`\`\` - *Type:* string[] \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`SecurityGroupIds\`Optional \`\`\`csharp public string[] SecurityGroupIds { get; set; } \`\`\` - *Type:* string[] \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`csharp using Amazon.CDK; new ScalingConfigProperty { double DesiredSize = null, double MaxSize = null, double MinSize = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | DesiredSize | double | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | MaxSize | double | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | MinSize | double | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`DesiredSize\`Optional \`\`\`csharp public double DesiredSize { get; set; } \`\`\` - *Type:* double \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`MaxSize\`Optional \`\`\`csharp public double MaxSize { get; set; } \`\`\` - *Type:* double \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`MinSize\`Optional \`\`\`csharp public double MinSize { get; set; } \`\`\` - *Type:* double \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`csharp using Amazon.CDK; new Selector { string Namespace, System.Collections.Generic.IDictionary Labels = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | string | The Kubernetes namespace that the selector should match. | | Labels | System.Collections.Generic.IDictionary | The Kubernetes labels that the selector should match. | --- ##### \`Namespace\`Required \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`Labels\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary Labels { get; set; } \`\`\` - *Type:* System.Collections.Generic.IDictionary - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`csharp using Amazon.CDK; new SelectorProperty { string Namespace, object Labels = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | string | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | Labels | object | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`Namespace\`Required \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`Labels\`Optional \`\`\`csharp public object Labels { get; set; } \`\`\` - *Type:* object \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`csharp using Amazon.CDK; new ServiceAccountOptions { string Name = null, string Namespace = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | string | The name of the service account. | | Namespace | string | The namespace of the service account. | --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`csharp using Amazon.CDK; new ServiceAccountProps { string Name = null, string Namespace = null, ICluster Cluster }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | string | The name of the service account. | | Namespace | string | The namespace of the service account. | | Cluster | ICluster | The cluster to apply the patch to. | --- ##### \`Name\`Optional \`\`\`csharp public string Name { get; set; } \`\`\` - *Type:* string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* "default" The namespace of the service account. --- ##### \`Cluster\`Required \`\`\`csharp public ICluster Cluster { get; set; } \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`csharp using Amazon.CDK; new ServiceLoadBalancerAddressOptions { string Namespace = null, Duration Timeout = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | string | The namespace the service belongs to. | | Timeout | Amazon.CDK.Duration | Timeout for waiting on the load balancer address. | --- ##### \`Namespace\`Optional \`\`\`csharp public string Namespace { get; set; } \`\`\` - *Type:* string - *Default:* 'default' The namespace the service belongs to. --- ##### \`Timeout\`Optional \`\`\`csharp public Duration Timeout { get; set; } \`\`\` - *Type:* Amazon.CDK.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`csharp using Amazon.CDK; new TaintProperty { string Effect = null, string Key = null, string Value = null }; \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Effect | string | \`CfnNodegroup.TaintProperty.Effect\`. | | Key | string | \`CfnNodegroup.TaintProperty.Key\`. | | Value | string | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`Effect\`Optional \`\`\`csharp public string Effect { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`Key\`Optional \`\`\`csharp public string Key { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`Value\`Optional \`\`\`csharp public string Value { get; set; } \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* Amazon.CDK.aws_ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`csharp using Amazon.CDK; new EksOptimizedImage(EksOptimizedImageProps Props = null); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | Props | EksOptimizedImageProps | *No description.* | --- ##### \`Props\`Optional - *Type:* EksOptimizedImageProps --- #### Methods | **Name** | **Description** | | --- | --- | | GetImage | Return the correct image. | --- ##### \`GetImage\` \`\`\`csharp private MachineImageConfig GetImage(Construct Scope) \`\`\` Return the correct image. ###### \`Scope\`Required - *Type:* Amazon.CDK.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | OnlyFrom | Restrict public access to specific CIDR blocks. | --- ##### \`OnlyFrom\` \`\`\`csharp private EndpointAccess OnlyFrom(string Cidr) \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`Cidr\`Required - *Type:* string CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | Private | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | Public | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PublicAndPrivate | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`Private\`Required \`\`\`csharp public EndpointAccess Private { get; } \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`Public\`Required \`\`\`csharp public EndpointAccess Public { get; } \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PublicAndPrivate\`Required \`\`\`csharp public EndpointAccess PublicAndPrivate { get; } \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | Of | Custom cluster version. | --- ##### \`Of\` \`\`\`csharp using Amazon.CDK; KubernetesVersion.Of(string Version); \`\`\` Custom cluster version. ###### \`Version\`Required - *Type:* string custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | string | cluster version number. | --- ##### \`Version\`Required \`\`\`csharp public string Version { get; } \`\`\` - *Type:* string cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V114 | KubernetesVersion | Kubernetes version 1.14. | | V115 | KubernetesVersion | Kubernetes version 1.15. | | V116 | KubernetesVersion | Kubernetes version 1.16. | | V117 | KubernetesVersion | Kubernetes version 1.17. | | V118 | KubernetesVersion | Kubernetes version 1.18. | | V119 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V114\`Required \`\`\`csharp public KubernetesVersion V114 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V115\`Required \`\`\`csharp public KubernetesVersion V115 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V116\`Required \`\`\`csharp public KubernetesVersion V116 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V117\`Required \`\`\`csharp public KubernetesVersion V117 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V118\`Required \`\`\`csharp public KubernetesVersion V118 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V119\`Required \`\`\`csharp public KubernetesVersion V119 { get; } \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* Amazon.CDK.IResource, Amazon.CDK.aws_ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`AddCdk8sChart\` \`\`\`csharp private KubernetesManifest AddCdk8sChart(string Id, Construct Chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Chart\`Required - *Type:* Constructs.Construct the cdk8s chart. --- ##### \`AddHelmChart\` \`\`\`csharp private HelmChart AddHelmChart(string Id, HelmChartOptions Options) \`\`\` Defines a Helm chart in this cluster. ###### \`Id\`Required - *Type:* string logical id of this chart. --- ###### \`Options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`csharp private KubernetesManifest AddManifest(string Id, System.Collections.Generic.IDictionary Manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`Id\`Required - *Type:* string logical id of this manifest. --- ###### \`Manifest\`Required - *Type:* System.Collections.Generic.IDictionary a list of Kubernetes resource specifications. --- ##### \`AddServiceAccount\` \`\`\`csharp private ServiceAccount AddServiceAccount(string Id, ServiceAccountOptions Options = null) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`Id\`Required - *Type:* string logical id of service account. --- ###### \`Options\`Optional - *Type:* ServiceAccountOptions service account options. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node for this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | Connections | Amazon.CDK.aws_ec2.Connections | *No description.* | | ClusterArn | string | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | ClusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | string | The API Server endpoint URL. | | ClusterName | string | The physical name of the Cluster. | | ClusterSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | OpenIdConnectProvider | Amazon.CDK.aws_iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | Prune | bool | Indicates whether Kubernetes resources can be automatically pruned. | | Vpc | Amazon.CDK.aws_ec2.IVpc | The VPC in which this Cluster was created. | | KubectlEnvironment | System.Collections.Generic.IDictionary | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | Amazon.CDK.aws_lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | KubectlMemory | Amazon.CDK.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnets | Amazon.CDK.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | Amazon.CDK.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | Amazon.CDK.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node for this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`Connections\`Required \`\`\`csharp public Connections Connections { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.Connections --- ##### \`ClusterArn\`Required \`\`\`csharp public string ClusterArn { get; } \`\`\` - *Type:* string The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`ClusterCertificateAuthorityData\`Required \`\`\`csharp public string ClusterCertificateAuthorityData { get; } \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`csharp public string ClusterEncryptionConfigKeyArn { get; } \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`csharp public string ClusterEndpoint { get; } \`\`\` - *Type:* string The API Server endpoint URL. --- ##### \`ClusterName\`Required \`\`\`csharp public string ClusterName { get; } \`\`\` - *Type:* string The physical name of the Cluster. --- ##### \`ClusterSecurityGroup\`Required \`\`\`csharp public ISecurityGroup ClusterSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`csharp public string ClusterSecurityGroupId { get; } \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`csharp public IOpenIdConnectProvider OpenIdConnectProvider { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`Prune\`Required \`\`\`csharp public bool Prune { get; } \`\`\` - *Type:* bool Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`Vpc\`Required \`\`\`csharp public IVpc Vpc { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`KubectlEnvironment\`Optional \`\`\`csharp public System.Collections.Generic.IDictionary KubectlEnvironment { get; } \`\`\` - *Type:* System.Collections.Generic.IDictionary Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`csharp public ILayerVersion KubectlLayer { get; } \`\`\` - *Type:* Amazon.CDK.aws_lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`csharp public Size KubectlMemory { get; } \`\`\` - *Type:* Amazon.CDK.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`csharp public ISubnet[] KubectlPrivateSubnets { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISubnet[] Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRole\`Optional \`\`\`csharp public IRole KubectlRole { get; } \`\`\` - *Type:* Amazon.CDK.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`csharp public ISecurityGroup KubectlSecurityGroup { get; } \`\`\` - *Type:* Amazon.CDK.aws_ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* Amazon.CDK.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Amazon.CDK.ConstructNode | The construct tree node for this construct. | | Env | Amazon.CDK.ResourceEnvironment | The environment this resource belongs to. | | Stack | Amazon.CDK.Stack | The stack in which this resource is defined. | | NodegroupName | string | Name of the nodegroup. | --- ##### \`Node\`Required \`\`\`csharp public ConstructNode Node { get; } \`\`\` - *Type:* Amazon.CDK.ConstructNode The construct tree node for this construct. --- ##### \`Env\`Required \`\`\`csharp public ResourceEnvironment Env { get; } \`\`\` - *Type:* Amazon.CDK.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`csharp public Stack Stack { get; } \`\`\` - *Type:* Amazon.CDK.Stack The stack in which this resource is defined. --- ##### \`NodegroupName\`Required \`\`\`csharp public string NodegroupName { get; } \`\`\` - *Type:* string Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | SPOT | spot instances. | | ON_DEMAND | on-demand instances. | --- ##### \`SPOT\` spot instances. --- ##### \`ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | EC2 | Deploy CoreDNS on EC2 instances. | | FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | ARM_64 | arm64 CPU type. | | X86_64 | x86_64 CPU type. | --- ##### \`ARM_64\` arm64 CPU type. --- ##### \`X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | NODEGROUP | managed node group. | | EC2 | EC2 autoscaling group. | --- ##### \`NODEGROUP\` managed node group. --- ##### \`EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | AL2_X86_64 | Amazon Linux 2 (x86-64). | | AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | STANDARD | Standard instances. | | GPU | GPU instances. | | INFERENTIA | Inferentia instances. | --- ##### \`STANDARD\` Standard instances. --- ##### \`GPU\` GPU instances. --- ##### \`INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | JSON | JSON Patch, RFC 6902. | | MERGE | JSON Merge patch. | | STRATEGIC | Strategic merge patch. | --- ##### \`JSON\` JSON Patch, RFC 6902. --- ##### \`MERGE\` JSON Merge patch. --- ##### \`STRATEGIC\` Strategic merge patch. --- " `; exports[`go for package 1`] = ` "# Constructs > Software-defined persistent state ![Release](https://github.com/aws/constructs/workflows/Release/badge.svg) [![npm version](https://badge.fury.io/js/constructs.svg)](https://badge.fury.io/js/constructs) [![PyPI version](https://badge.fury.io/py/constructs.svg)](https://badge.fury.io/py/constructs) [![NuGet version](https://badge.fury.io/nu/Constructs.svg)](https://badge.fury.io/nu/Constructs) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/software.constructs/constructs/badge.svg?style=plastic)](https://maven-badges.herokuapp.com/maven-central/software.constructs/constructs) ## What are constructs? Constructs are classes which define a "piece of system state". Constructs can be composed together to form higher-level building blocks which represent more complex state. Constructs are often used to represent the *desired state* of cloud applications. For example, in the AWS CDK, which is used to define the desired state for AWS infrastructure using CloudFormation, the lowest-level construct represents a *resource definition* in a CloudFormation template. These resources are composed to represent higher-level logical units of a cloud application, etc. ## Contributing This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). We welcome community contributions and pull requests. See our [contribution guide](./CONTRIBUTING.md) for more information on how to report issues, set up a development environment and submit code. ## License This project is distributed under the [Apache License, Version 2.0](./LICENSE). # API Reference ## Constructs ### Construct - *Implements:* IConstruct Represents the building block of the construct graph. All constructs besides the root construct must be created within the scope of another construct. #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewConstruct(scope Construct, id *string) Construct \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | Construct | The scope in which to define this construct. | | id | *string | The scoped construct ID. | --- ##### \`scope\`Required - *Type:* Construct The scope in which to define this construct. --- ##### \`id\`Required - *Type:* *string The scoped construct ID. Must be unique amongst siblings. If the ID includes a path separator (\`/\`), then it will be replaced by double dash \`--\`. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Construct_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* Node The tree node. --- ## Structs ### MetadataEntry An entry in the construct metadata table. #### Initializer \`\`\`go import "github.com/aws/constructs-go/constructs/v10" &constructs.MetadataEntry { Data: interface{}, Type: *string, Trace: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Data | interface{} | The data. | | Type | *string | The metadata entry type. | | Trace | *[]*string | Stack trace at the point of adding the metadata. | --- ##### \`Data\`Required \`\`\`go Data interface{} \`\`\` - *Type:* interface{} The data. --- ##### \`Type\`Required \`\`\`go Type *string \`\`\` - *Type:* *string The metadata entry type. --- ##### \`Trace\`Optional \`\`\`go Trace *[]*string \`\`\` - *Type:* *[]*string - *Default:* no trace information Stack trace at the point of adding the metadata. Only available if \`addMetadata()\` is called with \`stackTrace: true\`. --- ### MetadataOptions Options for \`construct.addMetadata()\`. #### Initializer \`\`\`go import "github.com/aws/constructs-go/constructs/v10" &constructs.MetadataOptions { StackTrace: *bool, TraceFromFunction: interface{}, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | StackTrace | *bool | Include stack trace with metadata entry. | | TraceFromFunction | interface{} | A JavaScript function to begin tracing from. | --- ##### \`StackTrace\`Optional \`\`\`go StackTrace *bool \`\`\` - *Type:* *bool - *Default:* false Include stack trace with metadata entry. --- ##### \`TraceFromFunction\`Optional \`\`\`go TraceFromFunction interface{} \`\`\` - *Type:* interface{} - *Default:* addMetadata() A JavaScript function to begin tracing from. This option is ignored unless \`stackTrace\` is \`true\`. --- ## Classes ### Dependable Trait for IDependable. Traits are interfaces that are privately implemented by objects. Instead of showing up in the public interface of a class, they need to be queried explicitly. This is used to implement certain framework features that are not intended to be used by Construct consumers, and so should be hidden from accidental use. *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. // Usage roots := dependableTrait_Get(construct).dependencyRoots // Definition dependableTrait_Implement(construct, map[string]interface{}{ get dependencyRoots() { return []; }, }) \`\`\` #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewDependable() Dependable \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | --- #### Static Functions | **Name** | **Description** | | --- | --- | | Get | Return the matching Dependable for the given class instance. | | Implement | Turn any object into an IDependable. | | Of | Return the matching Dependable for the given class instance. | --- ##### ~~\`Get\`~~ \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Dependable_Get(instance IDependable) Dependable \`\`\` Return the matching Dependable for the given class instance. ###### \`instance\`Required - *Type:* IDependable --- ##### \`Implement\` \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Dependable_Implement(instance IDependable, trait Dependable) \`\`\` Turn any object into an IDependable. ###### \`instance\`Required - *Type:* IDependable --- ###### \`trait\`Required - *Type:* Dependable --- ##### \`Of\` \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Dependable_Of(instance IDependable) Dependable \`\`\` Return the matching Dependable for the given class instance. ###### \`instance\`Required - *Type:* IDependable --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | DependencyRoots | *[]IConstruct | The set of constructs that form the root of this dependable. | --- ##### \`DependencyRoots\`Required \`\`\`go func DependencyRoots() *[]IConstruct \`\`\` - *Type:* *[]IConstruct The set of constructs that form the root of this dependable. All resources under all returned constructs are included in the ordering dependency. --- ### DependencyGroup - *Implements:* IDependable A set of constructs to be used as a dependable. This class can be used when a set of constructs which are disjoint in the construct tree needs to be combined to be used as a single dependable. #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewDependencyGroup(deps IDependable) DependencyGroup \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | deps | IDependable | *No description.* | --- ##### \`deps\`Required - *Type:* IDependable --- #### Methods | **Name** | **Description** | | --- | --- | | Add | Add a construct to the dependency roots. | --- ##### \`Add\` \`\`\`go func Add(scopes IDependable) \`\`\` Add a construct to the dependency roots. ###### \`scopes\`Required - *Type:* IDependable --- ### Node Represents the construct node in the scope tree. #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewNode(host Construct, scope IConstruct, id *string) Node \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | host | Construct | *No description.* | | scope | IConstruct | *No description.* | | id | *string | *No description.* | --- ##### \`host\`Required - *Type:* Construct --- ##### \`scope\`Required - *Type:* IConstruct --- ##### \`id\`Required - *Type:* *string --- #### Methods | **Name** | **Description** | | --- | --- | | AddDependency | Add an ordering dependency on another construct. | | AddMetadata | Adds a metadata entry to this construct. | | AddValidation | Adds a validation to this construct. | | FindAll | Return this construct and all of its children in the given order. | | FindChild | Return a direct child by id. | | Lock | Locks this construct from allowing more children to be added. | | SetContext | This can be used to set contextual values. | | TryFindChild | Return a direct child by id, or undefined. | | TryGetContext | Retrieves a value from tree context. | | TryRemoveChild | Remove the child with the given name, if present. | | Validate | Validates this construct. | --- ##### \`AddDependency\` \`\`\`go func AddDependency(deps IDependable) \`\`\` Add an ordering dependency on another construct. An \`IDependable\` ###### \`deps\`Required - *Type:* IDependable --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(type *string, data interface{}, options MetadataOptions) \`\`\` Adds a metadata entry to this construct. Entries are arbitrary values and will also include a stack trace to allow tracing back to the code location for when the entry was added. It can be used, for example, to include source mapping in CloudFormation templates to improve diagnostics. ###### \`type\`Required - *Type:* *string a string denoting the type of metadata. --- ###### \`data\`Required - *Type:* interface{} the value of the metadata (can be a Token). If null/undefined, metadata will not be added. --- ###### \`options\`Optional - *Type:* MetadataOptions options. --- ##### \`AddValidation\` \`\`\`go func AddValidation(validation IValidation) \`\`\` Adds a validation to this construct. When \`node.validate()\` is called, the \`validate()\` method will be called on all validations and all errors will be returned. ###### \`validation\`Required - *Type:* IValidation The validation object. --- ##### \`FindAll\` \`\`\`go func FindAll(order ConstructOrder) *[]IConstruct \`\`\` Return this construct and all of its children in the given order. ###### \`order\`Optional - *Type:* ConstructOrder --- ##### \`FindChild\` \`\`\`go func FindChild(id *string) IConstruct \`\`\` Return a direct child by id. Throws an error if the child is not found. ###### \`id\`Required - *Type:* *string Identifier of direct child. --- ##### \`Lock\` \`\`\`go func Lock() \`\`\` Locks this construct from allowing more children to be added. After this call, no more children can be added to this construct or to any children. ##### \`SetContext\` \`\`\`go func SetContext(key *string, value interface{}) \`\`\` This can be used to set contextual values. Context must be set before any children are added, since children may consult context info during construction. If the key already exists, it will be overridden. ###### \`key\`Required - *Type:* *string The context key. --- ###### \`value\`Required - *Type:* interface{} The context value. --- ##### \`TryFindChild\` \`\`\`go func TryFindChild(id *string) IConstruct \`\`\` Return a direct child by id, or undefined. ###### \`id\`Required - *Type:* *string Identifier of direct child. --- ##### \`TryGetContext\` \`\`\`go func TryGetContext(key *string) interface{} \`\`\` Retrieves a value from tree context. Context is usually initialized at the root, but can be overridden at any point in the tree. ###### \`key\`Required - *Type:* *string The context key. --- ##### \`TryRemoveChild\` \`\`\`go func TryRemoveChild(childName *string) *bool \`\`\` Remove the child with the given name, if present. ###### \`childName\`Required - *Type:* *string --- ##### \`Validate\` \`\`\`go func Validate() *[]*string \`\`\` Validates this construct. Invokes the \`validate()\` method on all validations added through \`addValidation()\`. #### Static Functions | **Name** | **Description** | | --- | --- | | Of | Returns the node associated with a construct. | --- ##### ~~\`Of\`~~ \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Node_Of(construct IConstruct) Node \`\`\` Returns the node associated with a construct. ###### \`construct\`Required - *Type:* IConstruct the construct. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Addr | *string | Returns an opaque tree-unique address for this construct. | | Children | *[]IConstruct | All direct children of this construct. | | Dependencies | *[]IConstruct | Return all dependencies registered on this node (non-recursive). | | Id | *string | The id of this construct within the current scope. | | Locked | *bool | Returns true if this construct or the scopes in which it is defined are locked. | | Metadata | *[]MetadataEntry | An immutable array of metadata objects associated with this construct. | | Path | *string | The full, absolute path of this construct in the tree. | | Root | IConstruct | Returns the root of the construct tree. | | Scopes | *[]IConstruct | All parent scopes of this construct. | | Scope | IConstruct | Returns the scope in which this construct is defined. | | DefaultChild | IConstruct | Returns the child construct that has the id \`Default\` or \`Resource"\`. | --- ##### \`Addr\`Required \`\`\`go func Addr() *string \`\`\` - *Type:* *string Returns an opaque tree-unique address for this construct. Addresses are 42 characters hexadecimal strings. They begin with "c8" followed by 40 lowercase hexadecimal characters (0-9a-f). Addresses are calculated using a SHA-1 of the components of the construct path. To enable refactorings of construct trees, constructs with the ID \`Default\` will be excluded from the calculation. In those cases constructs in the same tree may have the same addreess. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. c83a2846e506bcc5f10682b564084bca2d275709ee \`\`\` ##### \`Children\`Required \`\`\`go func Children() *[]IConstruct \`\`\` - *Type:* *[]IConstruct All direct children of this construct. --- ##### \`Dependencies\`Required \`\`\`go func Dependencies() *[]IConstruct \`\`\` - *Type:* *[]IConstruct Return all dependencies registered on this node (non-recursive). --- ##### \`Id\`Required \`\`\`go func Id() *string \`\`\` - *Type:* *string The id of this construct within the current scope. This is a a scope-unique id. To obtain an app-unique id for this construct, use \`addr\`. --- ##### \`Locked\`Required \`\`\`go func Locked() *bool \`\`\` - *Type:* *bool Returns true if this construct or the scopes in which it is defined are locked. --- ##### \`Metadata\`Required \`\`\`go func Metadata() *[]MetadataEntry \`\`\` - *Type:* *[]MetadataEntry An immutable array of metadata objects associated with this construct. This can be used, for example, to implement support for deprecation notices, source mapping, etc. --- ##### \`Path\`Required \`\`\`go func Path() *string \`\`\` - *Type:* *string The full, absolute path of this construct in the tree. Components are separated by '/'. --- ##### \`Root\`Required \`\`\`go func Root() IConstruct \`\`\` - *Type:* IConstruct Returns the root of the construct tree. --- ##### \`Scopes\`Required \`\`\`go func Scopes() *[]IConstruct \`\`\` - *Type:* *[]IConstruct All parent scopes of this construct. --- ##### \`Scope\`Optional \`\`\`go func Scope() IConstruct \`\`\` - *Type:* IConstruct Returns the scope in which this construct is defined. The value is \`undefined\` at the root of the construct scope tree. --- ##### \`DefaultChild\`Optional \`\`\`go func DefaultChild() IConstruct \`\`\` - *Type:* IConstruct Returns the child construct that has the id \`Default\` or \`Resource"\`. This is usually the construct that provides the bulk of the underlying functionality. Useful for modifications of the underlying construct that are not available at the higher levels. Override the defaultChild property. This should only be used in the cases where the correct default child is not named 'Resource' or 'Default' as it should be. If you set this to undefined, the default behavior of finding the child named 'Resource' or 'Default' will be used. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | PathSep | *string | Separator used to delimit construct path components. | --- ##### \`PathSep\`Required \`\`\`go func PathSep() *string \`\`\` - *Type:* *string Separator used to delimit construct path components. --- ## Protocols ### IConstruct - *Extends:* IDependable - *Implemented By:* Construct, IConstruct Represents a construct. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* Node The tree node. --- ### IDependable - *Implemented By:* Construct, DependencyGroup, IConstruct, IDependable Trait marker for classes that can be depended upon. The presence of this interface indicates that an object has an \`IDependableTrait\` implementation. This interface can be used to take an (ordering) dependency on a set of constructs. An ordering dependency implies that the resources represented by those constructs are deployed before the resources depending ON them are deployed. ### IValidation - *Implemented By:* IValidation Implement this interface in order for the construct to be able to validate itself. Implement this interface in order for the construct to be able to validate itself. #### Methods | **Name** | **Description** | | --- | --- | | Validate | Validate the current construct. | --- ##### \`Validate\` \`\`\`go func Validate() *[]*string \`\`\` Validate the current construct. This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis. Validate the current construct. This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis. ## Enums ### ConstructOrder In what order to return constructs. #### Members | **Name** | **Description** | | --- | --- | | ConstructOrder_PREORDER | Depth-first, pre-order. | | ConstructOrder_POSTORDER | Depth-first, post-order (leaf nodes first). | --- ##### \`ConstructOrder_PREORDER\` Depth-first, pre-order. --- ##### \`ConstructOrder_POSTORDER\` Depth-first, post-order (leaf nodes first). --- " `; exports[`go snapshot - root module 1`] = ` "# Constructs Programming Model > Software-defined state ![Release](https://github.com/aws/constructs/workflows/Release/badge.svg) [![npm version](https://badge.fury.io/js/constructs.svg)](https://badge.fury.io/js/constructs) [![PyPI version](https://badge.fury.io/py/constructs.svg)](https://badge.fury.io/py/constructs) [![NuGet version](https://badge.fury.io/nu/Constructs.svg)](https://badge.fury.io/nu/Constructs) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/software.constructs/constructs/badge.svg?style=plastic)](https://maven-badges.herokuapp.com/maven-central/software.constructs/constructs) ## What are constructs? Constructs are classes which define a "piece of system state". Constructs can be composed together to form higher-level building blocks which represent more complex state. Constructs are often used to represent the *desired state* of cloud applications. For example, in the AWS CDK, which is used to define the desired state for AWS infrastructure using CloudFormation, the lowest-level construct represents a *resource definition* in a CloudFormation template. These resources are composed to represent higher-level logical units of a cloud application, etc. ## Contributing This project has adopted the [Amazon Open Source Code of Conduct](https://aws.github.io/code-of-conduct). We welcome community contributions and pull requests. See our [contribution guide](./CONTRIBUTING.md) for more information on how to report issues, set up a development environment and submit code. ## License This project is distributed under the [Apache License, Version 2.0](./LICENSE). # API Reference ## Constructs ### Construct - *Implements:* IConstruct Represents the building block of the construct graph. All constructs besides the root construct must be created within the scope of another construct. #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewConstruct(scope Construct, id *string) Construct \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | Construct | The scope in which to define this construct. | | id | *string | The scoped construct ID. | --- ##### \`scope\`Required - *Type:* Construct The scope in which to define this construct. --- ##### \`id\`Required - *Type:* *string The scoped construct ID. Must be unique amongst siblings. If the ID includes a path separator (\`/\`), then it will be replaced by double dash \`--\`. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Construct_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* Node The tree node. --- ## Structs ### MetadataEntry An entry in the construct metadata table. #### Initializer \`\`\`go import "github.com/aws/constructs-go/constructs/v10" &constructs.MetadataEntry { Data: interface{}, Type: *string, Trace: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Data | interface{} | The data. | | Type | *string | The metadata entry type. | | Trace | *[]*string | Stack trace at the point of adding the metadata. | --- ##### \`Data\`Required \`\`\`go Data interface{} \`\`\` - *Type:* interface{} The data. --- ##### \`Type\`Required \`\`\`go Type *string \`\`\` - *Type:* *string The metadata entry type. --- ##### \`Trace\`Optional \`\`\`go Trace *[]*string \`\`\` - *Type:* *[]*string - *Default:* no trace information Stack trace at the point of adding the metadata. Only available if \`addMetadata()\` is called with \`stackTrace: true\`. --- ### MetadataOptions Options for \`construct.addMetadata()\`. #### Initializer \`\`\`go import "github.com/aws/constructs-go/constructs/v10" &constructs.MetadataOptions { StackTrace: *bool, TraceFromFunction: interface{}, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | StackTrace | *bool | Include stack trace with metadata entry. | | TraceFromFunction | interface{} | A JavaScript function to begin tracing from. | --- ##### \`StackTrace\`Optional \`\`\`go StackTrace *bool \`\`\` - *Type:* *bool - *Default:* false Include stack trace with metadata entry. --- ##### \`TraceFromFunction\`Optional \`\`\`go TraceFromFunction interface{} \`\`\` - *Type:* interface{} - *Default:* addMetadata() A JavaScript function to begin tracing from. This option is ignored unless \`stackTrace\` is \`true\`. --- ## Classes ### Dependable Trait for IDependable. Traits are interfaces that are privately implemented by objects. Instead of showing up in the public interface of a class, they need to be queried explicitly. This is used to implement certain framework features that are not intended to be used by Construct consumers, and so should be hidden from accidental use. *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. // Usage roots := dependableTrait_Get(construct).dependencyRoots // Definition dependableTrait_Implement(construct, map[string]interface{}{ get dependencyRoots() { return []; }, }) \`\`\` #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewDependable() Dependable \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | --- #### Static Functions | **Name** | **Description** | | --- | --- | | Get | Return the matching Dependable for the given class instance. | | Implement | Turn any object into an IDependable. | | Of | Return the matching Dependable for the given class instance. | --- ##### ~~\`Get\`~~ \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Dependable_Get(instance IDependable) Dependable \`\`\` Return the matching Dependable for the given class instance. ###### \`instance\`Required - *Type:* IDependable --- ##### \`Implement\` \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Dependable_Implement(instance IDependable, trait Dependable) \`\`\` Turn any object into an IDependable. ###### \`instance\`Required - *Type:* IDependable --- ###### \`trait\`Required - *Type:* Dependable --- ##### \`Of\` \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Dependable_Of(instance IDependable) Dependable \`\`\` Return the matching Dependable for the given class instance. ###### \`instance\`Required - *Type:* IDependable --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | DependencyRoots | *[]IConstruct | The set of constructs that form the root of this dependable. | --- ##### \`DependencyRoots\`Required \`\`\`go func DependencyRoots() *[]IConstruct \`\`\` - *Type:* *[]IConstruct The set of constructs that form the root of this dependable. All resources under all returned constructs are included in the ordering dependency. --- ### DependencyGroup - *Implements:* IDependable A set of constructs to be used as a dependable. This class can be used when a set of constructs which are disjoint in the construct tree needs to be combined to be used as a single dependable. #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewDependencyGroup(deps IDependable) DependencyGroup \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | deps | IDependable | *No description.* | --- ##### \`deps\`Required - *Type:* IDependable --- #### Methods | **Name** | **Description** | | --- | --- | | Add | Add a construct to the dependency roots. | --- ##### \`Add\` \`\`\`go func Add(scopes IDependable) \`\`\` Add a construct to the dependency roots. ###### \`scopes\`Required - *Type:* IDependable --- ### Node Represents the construct node in the scope tree. #### Initializers \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.NewNode(host Construct, scope IConstruct, id *string) Node \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | host | Construct | *No description.* | | scope | IConstruct | *No description.* | | id | *string | *No description.* | --- ##### \`host\`Required - *Type:* Construct --- ##### \`scope\`Required - *Type:* IConstruct --- ##### \`id\`Required - *Type:* *string --- #### Methods | **Name** | **Description** | | --- | --- | | AddDependency | Add an ordering dependency on another construct. | | AddMetadata | Adds a metadata entry to this construct. | | AddValidation | Adds a validation to this construct. | | FindAll | Return this construct and all of its children in the given order. | | FindChild | Return a direct child by id. | | Lock | Locks this construct from allowing more children to be added. | | SetContext | This can be used to set contextual values. | | TryFindChild | Return a direct child by id, or undefined. | | TryGetContext | Retrieves a value from tree context. | | TryRemoveChild | Remove the child with the given name, if present. | | Validate | Validates this construct. | --- ##### \`AddDependency\` \`\`\`go func AddDependency(deps IDependable) \`\`\` Add an ordering dependency on another construct. An \`IDependable\` ###### \`deps\`Required - *Type:* IDependable --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(type *string, data interface{}, options MetadataOptions) \`\`\` Adds a metadata entry to this construct. Entries are arbitrary values and will also include a stack trace to allow tracing back to the code location for when the entry was added. It can be used, for example, to include source mapping in CloudFormation templates to improve diagnostics. ###### \`type\`Required - *Type:* *string a string denoting the type of metadata. --- ###### \`data\`Required - *Type:* interface{} the value of the metadata (can be a Token). If null/undefined, metadata will not be added. --- ###### \`options\`Optional - *Type:* MetadataOptions options. --- ##### \`AddValidation\` \`\`\`go func AddValidation(validation IValidation) \`\`\` Adds a validation to this construct. When \`node.validate()\` is called, the \`validate()\` method will be called on all validations and all errors will be returned. ###### \`validation\`Required - *Type:* IValidation The validation object. --- ##### \`FindAll\` \`\`\`go func FindAll(order ConstructOrder) *[]IConstruct \`\`\` Return this construct and all of its children in the given order. ###### \`order\`Optional - *Type:* ConstructOrder --- ##### \`FindChild\` \`\`\`go func FindChild(id *string) IConstruct \`\`\` Return a direct child by id. Throws an error if the child is not found. ###### \`id\`Required - *Type:* *string Identifier of direct child. --- ##### \`Lock\` \`\`\`go func Lock() \`\`\` Locks this construct from allowing more children to be added. After this call, no more children can be added to this construct or to any children. ##### \`SetContext\` \`\`\`go func SetContext(key *string, value interface{}) \`\`\` This can be used to set contextual values. Context must be set before any children are added, since children may consult context info during construction. If the key already exists, it will be overridden. ###### \`key\`Required - *Type:* *string The context key. --- ###### \`value\`Required - *Type:* interface{} The context value. --- ##### \`TryFindChild\` \`\`\`go func TryFindChild(id *string) IConstruct \`\`\` Return a direct child by id, or undefined. ###### \`id\`Required - *Type:* *string Identifier of direct child. --- ##### \`TryGetContext\` \`\`\`go func TryGetContext(key *string) interface{} \`\`\` Retrieves a value from tree context. Context is usually initialized at the root, but can be overridden at any point in the tree. ###### \`key\`Required - *Type:* *string The context key. --- ##### \`TryRemoveChild\` \`\`\`go func TryRemoveChild(childName *string) *bool \`\`\` Remove the child with the given name, if present. ###### \`childName\`Required - *Type:* *string --- ##### \`Validate\` \`\`\`go func Validate() *[]*string \`\`\` Validates this construct. Invokes the \`validate()\` method on all validations added through \`addValidation()\`. #### Static Functions | **Name** | **Description** | | --- | --- | | Of | Returns the node associated with a construct. | --- ##### ~~\`Of\`~~ \`\`\`go import "github.com/aws/constructs-go/constructs/v10" constructs.Node_Of(construct IConstruct) Node \`\`\` Returns the node associated with a construct. ###### \`construct\`Required - *Type:* IConstruct the construct. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Addr | *string | Returns an opaque tree-unique address for this construct. | | Children | *[]IConstruct | All direct children of this construct. | | Dependencies | *[]IConstruct | Return all dependencies registered on this node (non-recursive). | | Id | *string | The id of this construct within the current scope. | | Locked | *bool | Returns true if this construct or the scopes in which it is defined are locked. | | Metadata | *[]MetadataEntry | An immutable array of metadata objects associated with this construct. | | Path | *string | The full, absolute path of this construct in the tree. | | Root | IConstruct | Returns the root of the construct tree. | | Scopes | *[]IConstruct | All parent scopes of this construct. | | Scope | IConstruct | Returns the scope in which this construct is defined. | | DefaultChild | IConstruct | Returns the child construct that has the id \`Default\` or \`Resource"\`. | --- ##### \`Addr\`Required \`\`\`go func Addr() *string \`\`\` - *Type:* *string Returns an opaque tree-unique address for this construct. Addresses are 42 characters hexadecimal strings. They begin with "c8" followed by 40 lowercase hexadecimal characters (0-9a-f). Addresses are calculated using a SHA-1 of the components of the construct path. To enable refactorings of construct trees, constructs with the ID \`Default\` will be excluded from the calculation. In those cases constructs in the same tree may have the same addreess. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. c83a2846e506bcc5f10682b564084bca2d275709ee \`\`\` ##### \`Children\`Required \`\`\`go func Children() *[]IConstruct \`\`\` - *Type:* *[]IConstruct All direct children of this construct. --- ##### \`Dependencies\`Required \`\`\`go func Dependencies() *[]IConstruct \`\`\` - *Type:* *[]IConstruct Return all dependencies registered on this node (non-recursive). --- ##### \`Id\`Required \`\`\`go func Id() *string \`\`\` - *Type:* *string The id of this construct within the current scope. This is a a scope-unique id. To obtain an app-unique id for this construct, use \`uniqueId\`. --- ##### \`Locked\`Required \`\`\`go func Locked() *bool \`\`\` - *Type:* *bool Returns true if this construct or the scopes in which it is defined are locked. --- ##### \`Metadata\`Required \`\`\`go func Metadata() *[]MetadataEntry \`\`\` - *Type:* *[]MetadataEntry An immutable array of metadata objects associated with this construct. This can be used, for example, to implement support for deprecation notices, source mapping, etc. --- ##### \`Path\`Required \`\`\`go func Path() *string \`\`\` - *Type:* *string The full, absolute path of this construct in the tree. Components are separated by '/'. --- ##### \`Root\`Required \`\`\`go func Root() IConstruct \`\`\` - *Type:* IConstruct Returns the root of the construct tree. --- ##### \`Scopes\`Required \`\`\`go func Scopes() *[]IConstruct \`\`\` - *Type:* *[]IConstruct All parent scopes of this construct. --- ##### \`Scope\`Optional \`\`\`go func Scope() IConstruct \`\`\` - *Type:* IConstruct Returns the scope in which this construct is defined. The value is \`undefined\` at the root of the construct scope tree. --- ##### \`DefaultChild\`Optional \`\`\`go func DefaultChild() IConstruct \`\`\` - *Type:* IConstruct Returns the child construct that has the id \`Default\` or \`Resource"\`. This is usually the construct that provides the bulk of the underlying functionality. Useful for modifications of the underlying construct that are not available at the higher levels. Override the defaultChild property. This should only be used in the cases where the correct default child is not named 'Resource' or 'Default' as it should be. If you set this to undefined, the default behavior of finding the child named 'Resource' or 'Default' will be used. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | PathSep | *string | Separator used to delimit construct path components. | --- ##### \`PathSep\`Required \`\`\`go func PathSep() *string \`\`\` - *Type:* *string Separator used to delimit construct path components. --- ## Protocols ### IConstruct - *Extends:* IDependable - *Implemented By:* github.com/aws/aws-cdk-go/awscdkawsecr.CfnPublicRepository, github.com/aws/aws-cdk-go/awscdkawsecr.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdkawsecr.CfnReplicationConfiguration, github.com/aws/aws-cdk-go/awscdkawsecr.CfnRepository, github.com/aws/aws-cdk-go/awscdkawsecr.Repository, github.com/aws/aws-cdk-go/awscdkawsecr.RepositoryBase, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.Archive, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnApiDestination, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnArchive, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnConnection, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnEventBus, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnEventBusPolicy, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnRule, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.EventBus, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.Rule, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnAccessKey, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnGroup, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnInstanceProfile, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnManagedPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnOIDCProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnSAMLProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnServerCertificate, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnServiceLinkedRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnUser, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnUserToGroupAddition, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnVirtualMFADevice, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.Group, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.LazyRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.ManagedPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.Policy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.Role, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.SamlProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.User, github.com/aws/aws-cdk-go/awscdk/awscdkcore.App, github.com/aws/aws-cdk-go/awscdk/awscdkcore.AssetStaging, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnCodeDeployBlueGreenHook, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnCondition, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnElement, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnHook, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnInclude, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnJson, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnMacro, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnMapping, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnOutput, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnParameter, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnRefElement, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnResource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnRule, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnStack, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnStackSet, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Construct, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CustomResource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CustomResourceProvider, github.com/aws/aws-cdk-go/awscdk/awscdkcore.NestedStack, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Resource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Stack, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Stage, github.com/aws/aws-cdk-go/awscdk/v2.alexa_ask.CfnSkill, github.com/aws/aws-cdk-go/awscdk/v2.aws_accessanalyzer.CfnAnalyzer, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.CfnCertificateAuthority, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.CfnCertificateAuthorityActivation, github.com/aws/aws-cdk-go/awscdk/v2.aws_amazonmq.CfnBroker, github.com/aws/aws-cdk-go/awscdk/v2.aws_amazonmq.CfnConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_amazonmq.CfnConfigurationAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_amplify.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_amplify.CfnBranch, github.com/aws/aws-cdk-go/awscdk/v2.aws_amplify.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.ApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Authorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.BasePathMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnBasePathMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnClientCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDocumentationPart, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDocumentationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnGatewayResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnMethod, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnRequestValidator, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnStage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnUsagePlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnUsagePlanKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CognitoUserPoolsAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Deployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.DomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.GatewayResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.LambdaRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Method, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Model, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.ProxyResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RateLimitedApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RequestAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RequestValidator, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Resource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.ResourceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RestApiBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.SpecRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Stage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.TokenAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.UsagePlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.VpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnApiGatewayManagedOverrides, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnApiMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnIntegration, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnIntegrationResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnRouteResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnStage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnConfigurationProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnDeploymentStrategy, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnHostedConfigurationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_appflow.CfnConnectorProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_appflow.CfnFlow, github.com/aws/aws-cdk-go/awscdk/v2.aws_appintegrations.CfnEventIntegration, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.BaseScalableAttribute, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.CfnScalableTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.ScalableTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationinsights.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnGatewayRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnMesh, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualNode, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualRouter, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualService, github.com/aws/aws-cdk-go/awscdk/v2.aws_apprunner.CfnService, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnDirectoryConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnImageBuilder, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnStackFleetAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnStackUserAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnApiCache, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnFunctionConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnGraphQLApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnGraphQLSchema, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnResolver, github.com/aws/aws-cdk-go/awscdk/v2.aws_athena.CfnDataCatalog, github.com/aws/aws-cdk-go/awscdk/v2.aws_athena.CfnNamedQuery, github.com/aws/aws-cdk-go/awscdk/v2.aws_athena.CfnWorkGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_auditmanager.CfnAssessment, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnLaunchConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnLifecycleHook, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnScheduledAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnWarmPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.LifecycleHook, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.ScheduledAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscalingplans.CfnScalingPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.BackupPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.BackupSelection, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.BackupVault, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.CfnBackupPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.CfnBackupSelection, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.CfnBackupVault, github.com/aws/aws-cdk-go/awscdk/v2.aws_batch.CfnComputeEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_batch.CfnJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_batch.CfnJobQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_budgets.CfnBudget, github.com/aws/aws-cdk-go/awscdk/v2.aws_budgets.CfnBudgetsAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_cassandra.CfnKeyspace, github.com/aws/aws-cdk-go/awscdk/v2.aws_cassandra.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ce.CfnAnomalyMonitor, github.com/aws/aws-cdk-go/awscdk/v2.aws_ce.CfnAnomalySubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_ce.CfnCostCategory, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.Certificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.CfnAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.DnsValidatedCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_chatbot.CfnSlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_chatbot.SlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloud9.CfnEnvironmentEC2, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnMacro, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnStackSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.experimental.EdgeFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CachePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnCachePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnCloudFrontOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnKeyGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnOriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnPublicKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnRealtimeLogConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnStreamingDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CloudFrontWebDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.Distribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.KeyGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.OriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.OriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.PublicKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudtrail.CfnTrail, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudtrail.Trail, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.Alarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.AlarmBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnCompositeAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnDashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnInsightRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnMetricStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CompositeAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.Dashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeartifact.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeartifact.CfnRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.BitBucketSourceCredentials, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.CfnReportGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.CfnSourceCredential, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.GitHubEnterpriseSourceCredentials, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.GitHubSourceCredentials, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.PipelineProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.Project, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.ReportGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.UntrustedCodeBoundaryPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_codecommit.CfnRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codecommit.Repository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CfnDeploymentConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CfnDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CustomLambdaDeploymentConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.EcsApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.LambdaApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.LambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ServerApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ServerDeploymentConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeguruprofiler.CfnProfilingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeguruprofiler.ProfilingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codegurureviewer.CfnRepositoryAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.CfnCustomActionType, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.CfnWebhook, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.Pipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline_actions.BaseJenkinsProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline_actions.JenkinsProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_codestar.CfnGitHubRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codestarconnections.CfnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_codestarnotifications.CfnNotificationRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnIdentityPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnIdentityPoolRoleAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolClient, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolRiskConfigurationAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolUICustomizationAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolUserToGroupAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolClient, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderAmazon, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderApple, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderFacebook, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderGoogle, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.AccessKeysRotated, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnAggregationAuthorization, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConfigRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConfigurationAggregator, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConfigurationRecorder, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConformancePack, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnDeliveryChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnOrganizationConfigRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnOrganizationConformancePack, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnRemediationConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnStoredQuery, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CloudFormationStackDriftDetectionCheck, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CloudFormationStackNotificationCheck, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CustomRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.ManagedRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_customerprofiles.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_customerprofiles.CfnIntegration, github.com/aws/aws-cdk-go/awscdk/v2.aws_customerprofiles.CfnObjectType, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnDataset, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnRecipe, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_datapipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnAgent, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationEFS, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationFSxWindows, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationNFS, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationObjectStorage, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationS3, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationSMB, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_dax.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_dax.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_dax.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_detective.CfnGraph, github.com/aws/aws-cdk-go/awscdk/v2.aws_detective.CfnMemberInvitation, github.com/aws/aws-cdk-go/awscdk/v2.aws_devopsguru.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_devopsguru.CfnResourceCollection, github.com/aws/aws-cdk-go/awscdk/v2.aws_directoryservice.CfnMicrosoftAD, github.com/aws/aws-cdk-go/awscdk/v2.aws_directoryservice.CfnSimpleAD, github.com/aws/aws-cdk-go/awscdk/v2.aws_dlm.CfnLifecyclePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnReplicationInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnReplicationSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnReplicationTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.CfnGlobalTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.Table, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.BastionHostLinux, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnCapacityReservation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnCarrierGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnTargetNetworkAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnCustomerGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnDHCPOptions, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEC2Fleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEIP, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEIPAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEgressOnlyInternetGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEnclaveCertificateIamRoleAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnFlowLog, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnHost, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnInternetGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnLaunchTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnLocalGatewayRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnLocalGatewayRouteTableVPCAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNatGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkAcl, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkAclEntry, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInsightsAnalysis, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInsightsPath, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInterface, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInterfaceAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInterfacePermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnPlacementGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnPrefixList, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnRouteTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSecurityGroupEgress, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSpotFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnetCidrBlock, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnetRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorFilterRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorSession, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayConnect, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastDomainAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastGroupMember, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastGroupSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayPeeringAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRouteTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRouteTablePropagation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPC, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCCidrBlock, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCDHCPOptionsAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpointConnectionNotification, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpointService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpointServicePermissions, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCGatewayAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCPeeringConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNConnectionRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNGatewayRoutePropagation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVolume, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVolumeAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ClientVpnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.FlowLog, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.GatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Instance, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.LaunchTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.NetworkAcl, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.NetworkAclEntry, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.PrivateSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.PublicSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Subnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Volume, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Vpc, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpcEndpointService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpnGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnPublicRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnReplicationConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.Repository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.RepositoryBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr_assets.DockerImageAsset, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.AsgCapacityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.BaseService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnCapacityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnClusterCapacityProviderAssociations, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnPrimaryTaskSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnTaskSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.Cluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ContainerDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.Ec2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.Ec2TaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.FargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.FargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.FirelensLogRouter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.LinuxParameters, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ScalableTaskCount, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.TaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.QueueProcessingEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.QueueProcessingFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.QueueProcessingServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ScheduledEc2Task, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ScheduledFargateTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ScheduledTaskBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.AccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.CfnMountTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.FileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.AwsAuth, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnAddon, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnFargateProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnNodegroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Cluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.FargateCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.FargateProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.HelmChart, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesManifest, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesObjectValue, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesPatch, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Nodegroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ServiceAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnCacheCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnGlobalReplicationGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnReplicationGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnUserGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnApplicationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnConfigurationTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancing.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancing.LoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationListenerCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationListenerRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.BaseListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.BaseLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnListenerCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnListenerRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.NetworkListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.NetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.NetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.TargetGroupBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticsearch.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticsearch.Domain, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnInstanceFleetConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnInstanceGroupConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnStep, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnStudio, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnStudioSessionMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_emrcontainers.CfnVirtualCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.Archive, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnApiDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnArchive, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnEventBus, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnEventBusPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.EventBus, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.Rule, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnDiscoverer, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnRegistry, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnSchema, github.com/aws/aws-cdk-go/awscdk/v2.aws_finspace.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_fis.CfnExperimentTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_fms.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_fms.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnEntityType, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnEventType, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnLabel, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnOutcome, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnVariable, github.com/aws/aws-cdk-go/awscdk/v2.aws_fsx.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_fsx.FileSystemBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_fsx.LustreFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnBuild, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnGameServerGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnGameSessionQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnMatchmakingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnMatchmakingRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnScript, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.Accelerator, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.CfnAccelerator, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.CfnEndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.CfnListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.EndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.Listener, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnClassifier, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnCrawler, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnDataCatalogEncryptionSettings, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnDatabase, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnDevEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnMLTransform, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnPartition, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnRegistry, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSchema, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSchemaVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSchemaVersionMetadata, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnTrigger, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnWorkflow, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnConnectorDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnConnectorDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnCoreDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnCoreDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnDeviceDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnDeviceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnFunctionDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnFunctionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnGroupVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnLoggerDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnLoggerDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnResourceDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnResourceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnSubscriptionDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnSubscriptionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrassv2.CfnComponentVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_groundstation.CfnConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_groundstation.CfnDataflowEndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_groundstation.CfnMissionProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnMaster, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnMember, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnThreatIntelSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnAccessKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnInstanceProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnManagedPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnOIDCProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnSAMLProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnServerCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnServiceLinkedRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnUserToGroupAddition, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnVirtualMFADevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Group, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.LazyRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.ManagedPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Policy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Role, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.SamlProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.User, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnComponent, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnContainerRecipe, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnDistributionConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnImage, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnImagePipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnImageRecipe, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnInfrastructureConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_inspector.CfnAssessmentTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_inspector.CfnAssessmentTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_inspector.CfnResourceGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnAccountAuditConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnCustomMetric, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnDimension, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnDomainConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnMitigationAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnPolicyPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnProvisioningTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnScheduledAudit, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnSecurityProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnThing, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnThingPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnTopicRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnTopicRuleDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot1click.CfnDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot1click.CfnPlacement, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot1click.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnDataset, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnDatastore, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotcoredeviceadvisor.CfnSuiteDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotevents.CfnDetectorModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotevents.CfnInput, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotfleethub.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnAccessPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnAsset, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnAssetModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnDashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnPortal, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotthingsgraph.CfnFlowTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnDeviceProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnPartnerAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnServiceProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnWirelessDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnWirelessGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnPlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnRecordingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnStreamKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_kendra.CfnDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_kendra.CfnFaq, github.com/aws/aws-cdk-go/awscdk/v2.aws_kendra.CfnIndex, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.CfnStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.CfnStreamConsumer, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.Stream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationOutput, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationOutputV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationReferenceDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationReferenceDataSourceV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisfirehose.CfnDeliveryStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.Alias, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.CfnAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.CfnKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.Key, github.com/aws/aws-cdk-go/awscdk/v2.aws_lakeformation.CfnDataLakeSettings, github.com/aws/aws-cdk-go/awscdk/v2.aws_lakeformation.CfnPermissions, github.com/aws/aws-cdk-go/awscdk/v2.aws_lakeformation.CfnResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.Alias, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnCodeSigningConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnEventInvokeConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnEventSourceMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnLayerVersionPermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnPermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CodeSigningConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.DockerImageFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.EventInvokeConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.EventSourceMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.Function, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.FunctionBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.LayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.QualifiedFunctionBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.SingletonFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.Version, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda_nodejs.NodejsFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_licensemanager.CfnGrant, github.com/aws/aws-cdk-go/awscdk/v2.aws_licensemanager.CfnLicense, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnLogGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnLogStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnMetricFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnQueryDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnSubscriptionFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CrossAccountDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.LogGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.LogRetention, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.LogStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.MetricFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.SubscriptionFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_lookoutmetrics.CfnAlert, github.com/aws/aws-cdk-go/awscdk/v2.aws_lookoutmetrics.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_lookoutvision.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_macie.CfnCustomDataIdentifier, github.com/aws/aws-cdk-go/awscdk/v2.aws_macie.CfnFindingsFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_macie.CfnSession, github.com/aws/aws-cdk-go/awscdk/v2.aws_managedblockchain.CfnMember, github.com/aws/aws-cdk-go/awscdk/v2.aws_managedblockchain.CfnNode, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlow, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowEntitlement, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowOutput, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowVpcInterface, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconvert.CfnJobTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconvert.CfnPreset, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconvert.CfnQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_medialive.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_medialive.CfnInput, github.com/aws/aws-cdk-go/awscdk/v2.aws_medialive.CfnInputSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnAsset, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnOriginEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnPackagingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnPackagingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediastore.CfnContainer, github.com/aws/aws-cdk-go/awscdk/v2.aws_msk.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_mwaa.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnFirewall, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnFirewallPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnLoggingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnCustomerGatewayAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnGlobalNetwork, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnLinkAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnSite, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnTransitGatewayRegistration, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnLaunchProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnStreamingImage, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnStudio, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnStudioComponent, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnElasticLoadBalancerAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnLayer, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnVolume, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworkscm.CfnServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnADMChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSSandboxChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSVoipChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSVoipSandboxChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnApplicationSettings, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnBaiduChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnCampaign, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnEmailChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnEmailTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnEventStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnGCMChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnPushTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnSMSChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnSegment, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnSmsTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnVoiceChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnDedicatedIpPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_qldb.CfnLedger, github.com/aws/aws-cdk-go/awscdk/v2.aws_qldb.CfnStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnAnalysis, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnDashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnDataSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnTheme, github.com/aws/aws-cdk-go/awscdk/v2.aws_ram.CfnResourceShare, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBProxy, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBProxyEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBProxyTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnGlobalCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnOptionGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseClusterBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseClusterFromSnapshot, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstanceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstanceFromSnapshot, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstanceReadReplica, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseProxy, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.OptionGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.ParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.ServerlessCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.SubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_resourcegroups.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnRobot, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnRobotApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnRobotApplicationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnSimulationApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnSimulationApplicationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.ARecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.AaaaRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CaaAmazonRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CaaRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnDNSSEC, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnHealthCheck, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnKeySigningKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnRecordSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnRecordSetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CnameRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CrossAccountZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.HostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.MxRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.NsRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.PrivateHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.PublicHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.RecordSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.SrvRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.TxtRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.VpcEndpointServiceDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.ZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53_patterns.HttpsRedirect, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnFirewallDomainList, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnFirewallRuleGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnFirewallRuleGroupAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverDNSSECConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverQueryLoggingConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverQueryLoggingConfigAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverRuleAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.Bucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.BucketPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnBucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnStorageLens, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3_assets.Asset, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3_deployment.BucketDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3objectlambda.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3objectlambda.CfnAccessPointPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnBucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnAppImageConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnCodeRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDataQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDeviceFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnEndpointConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnFeatureGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnImage, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnImageVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelBiasJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelExplainabilityJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelPackageGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnMonitoringSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnNotebookInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnNotebookInstanceLifecycleConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnWorkteam, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnSimpleTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk/v2.aws_sdb.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnResourcePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnRotationSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnSecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnSecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.ResourcePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.RotationSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.Secret, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.SecretRotation, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.SecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_securityhub.CfnHub, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnAcceptedPortfolioShare, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnCloudFormationProduct, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnCloudFormationProvisionedProduct, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnLaunchNotificationConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnLaunchRoleConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnLaunchTemplateConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolio, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolioPrincipalAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolioProductAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolioShare, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnResourceUpdateConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnServiceAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnServiceActionAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnStackSetConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnTagOption, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnTagOptionAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnAttributeGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnAttributeGroupAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnResourceAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.AliasTargetInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnHttpNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnService, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CnameInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.HttpNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.InstanceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IpInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.NonIpInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.PrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.PublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.AllowListReceiptFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnContactList, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnReceiptFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.DropSpamReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.ReceiptFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.ReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.ReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.CfnProfilePermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.CfnSigningProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.SigningProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.CfnSubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.CfnTopic, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.CfnTopicPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.Subscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.Topic, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.TopicBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.TopicPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.CfnQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.CfnQueuePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.Queue, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.QueueBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.QueuePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnDocument, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnMaintenanceWindow, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnMaintenanceWindowTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnMaintenanceWindowTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnPatchBaseline, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnResourceDataSync, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.StringListParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.StringParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmcontacts.CfnContact, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmcontacts.CfnContactChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmincidents.CfnReplicationSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmincidents.CfnResponsePlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_sso.CfnAssignment, github.com/aws/aws-cdk-go/awscdk/v2.aws_sso.CfnInstanceAccessControlAttributeConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_sso.CfnPermissionSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Activity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.CfnActivity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Choice, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.CustomState, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Fail, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Map, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Parallel, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Pass, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.State, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.StateMachine, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.StateMachineFragment, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Succeed, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.TaskStateBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Wait, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaGetQueryExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaGetQueryResults, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaStartQueryExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaStopQueryExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.BatchSubmitJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.CallApiGatewayHttpApiEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.CallApiGatewayRestApiEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.CodeBuildStartBuild, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoDeleteItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoGetItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoPutItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoUpdateItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EcsRunTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EksCall, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrAddStep, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrCancelStep, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrCreateCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrModifyInstanceFleetByName, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrModifyInstanceGroupByName, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrSetClusterTerminationProtection, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrTerminateCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EvaluateExpression, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.GlueDataBrewStartJobRun, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.GlueStartJobRun, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.LambdaInvoke, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateEndpointConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateTrainingJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateTransformJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerUpdateEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SnsPublish, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SqsSendMessage, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.StepFunctionsInvokeActivity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.StepFunctionsStartExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_synthetics.CfnCanary, github.com/aws/aws-cdk-go/awscdk/v2.aws_timestream.CfnDatabase, github.com/aws/aws-cdk-go/awscdk/v2.aws_timestream.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_transfer.CfnServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_transfer.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnWebACL, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnGeoMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnRateBasedRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnWebACL, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnWebACL, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_workspaces.CfnConnectionAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_workspaces.CfnWorkspace, github.com/aws/aws-cdk-go/awscdk/v2.aws_xray.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_xray.CfnSamplingRule, github.com/aws/aws-cdk-go/awscdk/v2.cloudformation_include.CfnInclude, github.com/aws/aws-cdk-go/awscdk/v2.custom_resources.AwsCustomResource, github.com/aws/aws-cdk-go/awscdk/v2.custom_resources.Provider, github.com/aws/aws-cdk-go/awscdk/v2.lambda_layer_awscli.AwsCliLayer, github.com/aws/aws-cdk-go/awscdk/v2.lambda_layer_kubectl.KubectlLayer, github.com/aws/aws-cdk-go/awscdk/v2.App, github.com/aws/aws-cdk-go/awscdk/v2.AssetStaging, github.com/aws/aws-cdk-go/awscdk/v2.CfnCodeDeployBlueGreenHook, github.com/aws/aws-cdk-go/awscdk/v2.CfnCondition, github.com/aws/aws-cdk-go/awscdk/v2.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk/v2.CfnElement, github.com/aws/aws-cdk-go/awscdk/v2.CfnHook, github.com/aws/aws-cdk-go/awscdk/v2.CfnJson, github.com/aws/aws-cdk-go/awscdk/v2.CfnMacro, github.com/aws/aws-cdk-go/awscdk/v2.CfnMapping, github.com/aws/aws-cdk-go/awscdk/v2.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnOutput, github.com/aws/aws-cdk-go/awscdk/v2.CfnParameter, github.com/aws/aws-cdk-go/awscdk/v2.CfnRefElement, github.com/aws/aws-cdk-go/awscdk/v2.CfnResource, github.com/aws/aws-cdk-go/awscdk/v2.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.CfnStackSet, github.com/aws/aws-cdk-go/awscdk/v2.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk/v2.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk/v2.CustomResource, github.com/aws/aws-cdk-go/awscdk/v2.CustomResourceProvider, github.com/aws/aws-cdk-go/awscdk/v2.NestedStack, github.com/aws/aws-cdk-go/awscdk/v2.Resource, github.com/aws/aws-cdk-go/awscdk/v2.Stack, github.com/aws/aws-cdk-go/awscdk/v2.Stage, Construct, github.com/aws/aws-cdk-go/awscdk.alexa_ask.CfnSkill, github.com/aws/aws-cdk-go/awscdk.assets.Staging, github.com/aws/aws-cdk-go/awscdk.aws_accessanalyzer.CfnAnalyzer, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.CfnCertificateAuthority, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.CfnCertificateAuthorityActivation, github.com/aws/aws-cdk-go/awscdk.aws_amazonmq.CfnBroker, github.com/aws/aws-cdk-go/awscdk.aws_amazonmq.CfnConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_amazonmq.CfnConfigurationAssociation, github.com/aws/aws-cdk-go/awscdk.aws_amplify.App, github.com/aws/aws-cdk-go/awscdk.aws_amplify.Branch, github.com/aws/aws-cdk-go/awscdk.aws_amplify.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_amplify.CfnBranch, github.com/aws/aws-cdk-go/awscdk.aws_amplify.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_amplify.Domain, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.ApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Authorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.BasePathMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnAccount, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnApiMappingV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnApiV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnAuthorizerV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnBasePathMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnClientCertificate, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDeployment, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDeploymentV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDocumentationPart, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDocumentationVersion, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDomainNameV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnGatewayResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnIntegrationResponseV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnIntegrationV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnMethod, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnModel, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnModelV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRequestValidator, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnResource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRouteResponseV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRouteV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnStage, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnStageV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnUsagePlan, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnUsagePlanKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CognitoUserPoolsAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Deployment, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.DomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.GatewayResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.LambdaRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Method, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Model, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.ProxyResource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RateLimitedApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RequestAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RequestValidator, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Resource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.ResourceBase, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RestApiBase, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.SpecRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Stage, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.TokenAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.UsagePlan, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.VpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.ApiMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnApiGatewayManagedOverrides, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnApiMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnDeployment, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnIntegrationResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnModel, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnRouteResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.DomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.VpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketStage, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnConfigurationProfile, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnDeployment, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnDeploymentStrategy, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnHostedConfigurationVersion, github.com/aws/aws-cdk-go/awscdk.aws_appflow.CfnConnectorProfile, github.com/aws/aws-cdk-go/awscdk.aws_appflow.CfnFlow, github.com/aws/aws-cdk-go/awscdk.aws_appintegrations.CfnEventIntegration, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.BaseScalableAttribute, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.CfnScalableTarget, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.ScalableTarget, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_applicationinsights.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnMesh, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualGateway, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualNode, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualRouter, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualService, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.GatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.Mesh, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.Route, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualGateway, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualNode, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualRouter, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualService, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnDirectoryConfig, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnFleet, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnImageBuilder, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnStack, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnStackFleetAssociation, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnStackUserAssociation, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_appsync.AppsyncFunction, github.com/aws/aws-cdk-go/awscdk.aws_appsync.BackedDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.BaseDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnApiCache, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnApiKey, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnFunctionConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnGraphQLApi, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnGraphQLSchema, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnResolver, github.com/aws/aws-cdk-go/awscdk.aws_appsync.DynamoDbDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.ElasticsearchDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.GraphqlApi, github.com/aws/aws-cdk-go/awscdk.aws_appsync.GraphqlApiBase, github.com/aws/aws-cdk-go/awscdk.aws_appsync.HttpDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.LambdaDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.NoneDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.RdsDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.Resolver, github.com/aws/aws-cdk-go/awscdk.aws_athena.CfnDataCatalog, github.com/aws/aws-cdk-go/awscdk.aws_athena.CfnNamedQuery, github.com/aws/aws-cdk-go/awscdk.aws_athena.CfnWorkGroup, github.com/aws/aws-cdk-go/awscdk.aws_auditmanager.CfnAssessment, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnLaunchConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnLifecycleHook, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnScheduledAction, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnWarmPool, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.LifecycleHook, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.ScheduledAction, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_autoscalingplans.CfnScalingPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.BackupPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.BackupSelection, github.com/aws/aws-cdk-go/awscdk.aws_backup.BackupVault, github.com/aws/aws-cdk-go/awscdk.aws_backup.CfnBackupPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.CfnBackupSelection, github.com/aws/aws-cdk-go/awscdk.aws_backup.CfnBackupVault, github.com/aws/aws-cdk-go/awscdk.aws_batch.CfnComputeEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_batch.CfnJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_batch.CfnJobQueue, github.com/aws/aws-cdk-go/awscdk.aws_batch.ComputeEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_batch.JobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_batch.JobQueue, github.com/aws/aws-cdk-go/awscdk.aws_budgets.CfnBudget, github.com/aws/aws-cdk-go/awscdk.aws_budgets.CfnBudgetsAction, github.com/aws/aws-cdk-go/awscdk.aws_cassandra.CfnKeyspace, github.com/aws/aws-cdk-go/awscdk.aws_cassandra.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_ce.CfnAnomalyMonitor, github.com/aws/aws-cdk-go/awscdk.aws_ce.CfnAnomalySubscription, github.com/aws/aws-cdk-go/awscdk.aws_ce.CfnCostCategory, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.Certificate, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.CfnAccount, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.DnsValidatedCertificate, github.com/aws/aws-cdk-go/awscdk.aws_chatbot.CfnSlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_chatbot.SlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_cloud9.CfnEnvironmentEC2, github.com/aws/aws-cdk-go/awscdk.aws_cloud9.Ec2Environment, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnMacro, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnStack, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnStackSet, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CustomResource, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.NestedStack, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.experimental.EdgeFunction, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CachePolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnCachePolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnCloudFrontOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnFunction, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnKeyGroup, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnOriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnPublicKey, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnRealtimeLogConfig, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnStreamingDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CloudFrontWebDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.Distribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.KeyGroup, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.OriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.OriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.PublicKey, github.com/aws/aws-cdk-go/awscdk.aws_cloudtrail.CfnTrail, github.com/aws/aws-cdk-go/awscdk.aws_cloudtrail.Trail, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.Alarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.AlarmBase, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnAlarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnCompositeAlarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnDashboard, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnInsightRule, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnMetricStream, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CompositeAlarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.Dashboard, github.com/aws/aws-cdk-go/awscdk.aws_codeartifact.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_codeartifact.CfnRepository, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.BitBucketSourceCredentials, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.CfnReportGroup, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.CfnSourceCredential, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.GitHubEnterpriseSourceCredentials, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.GitHubSourceCredentials, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.PipelineProject, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.Project, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.ReportGroup, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.UntrustedCodeBoundaryPolicy, github.com/aws/aws-cdk-go/awscdk.aws_codecommit.CfnRepository, github.com/aws/aws-cdk-go/awscdk.aws_codecommit.Repository, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CfnDeploymentConfig, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CfnDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CustomLambdaDeploymentConfig, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.EcsApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.LambdaApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.LambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ServerApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ServerDeploymentConfig, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codeguruprofiler.CfnProfilingGroup, github.com/aws/aws-cdk-go/awscdk.aws_codeguruprofiler.ProfilingGroup, github.com/aws/aws-cdk-go/awscdk.aws_codegurureviewer.CfnRepositoryAssociation, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.CfnCustomActionType, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.CfnWebhook, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.Pipeline, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline_actions.BaseJenkinsProvider, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline_actions.JenkinsProvider, github.com/aws/aws-cdk-go/awscdk.aws_codestar.CfnGitHubRepository, github.com/aws/aws-cdk-go/awscdk.aws_codestar.GitHubRepository, github.com/aws/aws-cdk-go/awscdk.aws_codestarconnections.CfnConnection, github.com/aws/aws-cdk-go/awscdk.aws_codestarnotifications.CfnNotificationRule, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnIdentityPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnIdentityPoolRoleAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolClient, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolDomain, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolGroup, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolRiskConfigurationAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolUICustomizationAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolUser, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolUserToGroupAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolClient, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolDomain, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderAmazon, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderApple, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderFacebook, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderGoogle, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk.aws_config.AccessKeysRotated, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnAggregationAuthorization, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConfigRule, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConfigurationAggregator, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConfigurationRecorder, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConformancePack, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnDeliveryChannel, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnOrganizationConfigRule, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnOrganizationConformancePack, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnRemediationConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnStoredQuery, github.com/aws/aws-cdk-go/awscdk.aws_config.CloudFormationStackDriftDetectionCheck, github.com/aws/aws-cdk-go/awscdk.aws_config.CloudFormationStackNotificationCheck, github.com/aws/aws-cdk-go/awscdk.aws_config.CustomRule, github.com/aws/aws-cdk-go/awscdk.aws_config.ManagedRule, github.com/aws/aws-cdk-go/awscdk.aws_customerprofiles.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_customerprofiles.CfnIntegration, github.com/aws/aws-cdk-go/awscdk.aws_customerprofiles.CfnObjectType, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnDataset, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnJob, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnRecipe, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnSchedule, github.com/aws/aws-cdk-go/awscdk.aws_datapipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnAgent, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationEFS, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationFSxWindows, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationNFS, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationObjectStorage, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationS3, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationSMB, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnTask, github.com/aws/aws-cdk-go/awscdk.aws_dax.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_dax.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_dax.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_detective.CfnGraph, github.com/aws/aws-cdk-go/awscdk.aws_detective.CfnMemberInvitation, github.com/aws/aws-cdk-go/awscdk.aws_devopsguru.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk.aws_devopsguru.CfnResourceCollection, github.com/aws/aws-cdk-go/awscdk.aws_directoryservice.CfnMicrosoftAD, github.com/aws/aws-cdk-go/awscdk.aws_directoryservice.CfnSimpleAD, github.com/aws/aws-cdk-go/awscdk.aws_dlm.CfnLifecyclePolicy, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnReplicationInstance, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnReplicationSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnReplicationTask, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_docdb.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_docdb.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.CfnGlobalTable, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.Table, github.com/aws/aws-cdk-go/awscdk.aws_ec2.BastionHostLinux, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnCapacityReservation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnCarrierGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnTargetNetworkAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnCustomerGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnDHCPOptions, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEC2Fleet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEIP, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEIPAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEgressOnlyInternetGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEnclaveCertificateIamRoleAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnFlowLog, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnHost, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnInstance, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnInternetGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnLaunchTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnLocalGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnLocalGatewayRouteTableVPCAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNatGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkAcl, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkAclEntry, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInsightsAnalysis, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInsightsPath, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInterface, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInterfaceAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInterfacePermission, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnPlacementGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnPrefixList, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnRouteTable, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSecurityGroupEgress, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSpotFleet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnetCidrBlock, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnetRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorFilter, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorFilterRule, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorSession, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorTarget, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayConnect, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastDomain, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastDomainAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastGroupMember, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastGroupSource, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRouteTable, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRouteTablePropagation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPC, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCCidrBlock, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCDHCPOptionsAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpointConnectionNotification, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpointService, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpointServicePermissions, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCGatewayAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCPeeringConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNConnectionRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNGatewayRoutePropagation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVolume, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVolumeAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ClientVpnRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.FlowLog, github.com/aws/aws-cdk-go/awscdk.aws_ec2.GatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Instance, github.com/aws/aws-cdk-go/awscdk.aws_ec2.InterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.LaunchTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ec2.NetworkAcl, github.com/aws/aws-cdk-go/awscdk.aws_ec2.NetworkAclEntry, github.com/aws/aws-cdk-go/awscdk.aws_ec2.PrivateSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.PublicSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.SecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Subnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Volume, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Vpc, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpcEndpointService, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpnConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpnGateway, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnPublicRepository, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnReplicationConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnRepository, github.com/aws/aws-cdk-go/awscdk.aws_ecr.Repository, github.com/aws/aws-cdk-go/awscdk.aws_ecr.RepositoryBase, github.com/aws/aws-cdk-go/awscdk.aws_ecr_assets.DockerImageAsset, github.com/aws/aws-cdk-go/awscdk.aws_ecs.AsgCapacityProvider, github.com/aws/aws-cdk-go/awscdk.aws_ecs.BaseService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnCapacityProvider, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnClusterCapacityProviderAssociations, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnPrimaryTaskSet, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnTaskSet, github.com/aws/aws-cdk-go/awscdk.aws_ecs.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ContainerDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.Ec2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs.Ec2TaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.FargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.FargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.FirelensLogRouter, github.com/aws/aws-cdk-go/awscdk.aws_ecs.LinuxParameters, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ScalableTaskCount, github.com/aws/aws-cdk-go/awscdk.aws_ecs.TaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.QueueProcessingEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.QueueProcessingFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.QueueProcessingServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ScheduledEc2Task, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ScheduledFargateTask, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ScheduledTaskBase, github.com/aws/aws-cdk-go/awscdk.aws_efs.AccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_efs.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_efs.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_efs.CfnMountTarget, github.com/aws/aws-cdk-go/awscdk.aws_efs.FileSystem, github.com/aws/aws-cdk-go/awscdk.aws_eks.AwsAuth, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnAddon, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnFargateProfile, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnNodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.FargateCluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.FargateProfile, github.com/aws/aws-cdk-go/awscdk.aws_eks.HelmChart, github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesManifest, github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesObjectValue, github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesPatch, github.com/aws/aws-cdk-go/awscdk.aws_eks.Nodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk.aws_eks.ServiceAccount, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.AwsAuth, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnAddon, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnFargateProfile, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnNodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.HelmChart, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.KubernetesResource, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnCacheCluster, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnGlobalReplicationGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnReplicationGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnUserGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnApplicationVersion, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnConfigurationTemplate, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancing.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancing.LoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationListenerCertificate, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationListenerRule, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.BaseListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.BaseLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnListenerCertificate, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnListenerRule, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.NetworkListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.NetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.NetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.TargetGroupBase, github.com/aws/aws-cdk-go/awscdk.aws_elasticsearch.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_elasticsearch.Domain, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnInstanceFleetConfig, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnInstanceGroupConfig, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnStep, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnStudio, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnStudioSessionMapping, github.com/aws/aws-cdk-go/awscdk.aws_emrcontainers.CfnVirtualCluster, github.com/aws/aws-cdk-go/awscdk.aws_events.Archive, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnApiDestination, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnArchive, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnConnection, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnEventBus, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnEventBusPolicy, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnRule, github.com/aws/aws-cdk-go/awscdk.aws_events.EventBus, github.com/aws/aws-cdk-go/awscdk.aws_events.Rule, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnDiscoverer, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnRegistry, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnSchema, github.com/aws/aws-cdk-go/awscdk.aws_finspace.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_fis.CfnExperimentTemplate, github.com/aws/aws-cdk-go/awscdk.aws_fms.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk.aws_fms.CfnPolicy, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnDetector, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnEntityType, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnEventType, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnLabel, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnOutcome, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnVariable, github.com/aws/aws-cdk-go/awscdk.aws_fsx.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_fsx.FileSystemBase, github.com/aws/aws-cdk-go/awscdk.aws_fsx.LustreFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnAlias, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnBuild, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnFleet, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnGameServerGroup, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnGameSessionQueue, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnMatchmakingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnMatchmakingRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnScript, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.Accelerator, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.CfnAccelerator, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.CfnEndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.CfnListener, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.EndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.Listener, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnClassifier, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnConnection, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnCrawler, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnDataCatalogEncryptionSettings, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnDatabase, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnDevEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnJob, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnMLTransform, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnPartition, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnRegistry, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSchema, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSchemaVersion, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSchemaVersionMetadata, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnTrigger, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnWorkflow, github.com/aws/aws-cdk-go/awscdk.aws_glue.Connection, github.com/aws/aws-cdk-go/awscdk.aws_glue.Database, github.com/aws/aws-cdk-go/awscdk.aws_glue.SecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_glue.Table, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnConnectorDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnConnectorDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnCoreDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnCoreDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnDeviceDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnDeviceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnFunctionDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnFunctionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnGroupVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnLoggerDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnLoggerDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnResourceDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnResourceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnSubscriptionDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnSubscriptionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrassv2.CfnComponentVersion, github.com/aws/aws-cdk-go/awscdk.aws_groundstation.CfnConfig, github.com/aws/aws-cdk-go/awscdk.aws_groundstation.CfnDataflowEndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_groundstation.CfnMissionProfile, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnDetector, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnFilter, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnMaster, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnMember, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnThreatIntelSet, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnAccessKey, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnInstanceProfile, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnManagedPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnOIDCProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnSAMLProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnServerCertificate, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnServiceLinkedRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnUserToGroupAddition, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnVirtualMFADevice, github.com/aws/aws-cdk-go/awscdk.aws_iam.Group, github.com/aws/aws-cdk-go/awscdk.aws_iam.LazyRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.ManagedPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.Policy, github.com/aws/aws-cdk-go/awscdk.aws_iam.Role, github.com/aws/aws-cdk-go/awscdk.aws_iam.SamlProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.User, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnComponent, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnContainerRecipe, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnDistributionConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnImage, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnImagePipeline, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnImageRecipe, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnInfrastructureConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_inspector.CfnAssessmentTarget, github.com/aws/aws-cdk-go/awscdk.aws_inspector.CfnAssessmentTemplate, github.com/aws/aws-cdk-go/awscdk.aws_inspector.CfnResourceGroup, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnAccountAuditConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnCustomMetric, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnDimension, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnDomainConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnMitigationAction, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnPolicyPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnProvisioningTemplate, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnScheduledAudit, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnSecurityProfile, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnThing, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnThingPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnTopicRule, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnTopicRuleDestination, github.com/aws/aws-cdk-go/awscdk.aws_iot1click.CfnDevice, github.com/aws/aws-cdk-go/awscdk.aws_iot1click.CfnPlacement, github.com/aws/aws-cdk-go/awscdk.aws_iot1click.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnDataset, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnDatastore, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_iotevents.CfnDetectorModel, github.com/aws/aws-cdk-go/awscdk.aws_iotevents.CfnInput, github.com/aws/aws-cdk-go/awscdk.aws_iotfleethub.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnAccessPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnAsset, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnAssetModel, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnDashboard, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnGateway, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnPortal, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_iotthingsgraph.CfnFlowTemplate, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnDestination, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnDeviceProfile, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnPartnerAccount, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnServiceProfile, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnWirelessDevice, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnWirelessGateway, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnPlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnRecordingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnStreamKey, github.com/aws/aws-cdk-go/awscdk.aws_ivs.Channel, github.com/aws/aws-cdk-go/awscdk.aws_ivs.PlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk.aws_ivs.StreamKey, github.com/aws/aws-cdk-go/awscdk.aws_kendra.CfnDataSource, github.com/aws/aws-cdk-go/awscdk.aws_kendra.CfnFaq, github.com/aws/aws-cdk-go/awscdk.aws_kendra.CfnIndex, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.CfnStream, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.CfnStreamConsumer, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.Stream, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationOutput, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationOutputV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationReferenceDataSource, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationReferenceDataSourceV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics_flink.Application, github.com/aws/aws-cdk-go/awscdk.aws_kinesisfirehose.CfnDeliveryStream, github.com/aws/aws-cdk-go/awscdk.aws_kms.Alias, github.com/aws/aws-cdk-go/awscdk.aws_kms.CfnAlias, github.com/aws/aws-cdk-go/awscdk.aws_kms.CfnKey, github.com/aws/aws-cdk-go/awscdk.aws_kms.Key, github.com/aws/aws-cdk-go/awscdk.aws_lakeformation.CfnDataLakeSettings, github.com/aws/aws-cdk-go/awscdk.aws_lakeformation.CfnPermissions, github.com/aws/aws-cdk-go/awscdk.aws_lakeformation.CfnResource, github.com/aws/aws-cdk-go/awscdk.aws_lambda.Alias, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnAlias, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnCodeSigningConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnEventInvokeConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnEventSourceMapping, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnLayerVersionPermission, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnPermission, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CodeSigningConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.DockerImageFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.EventInvokeConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.EventSourceMapping, github.com/aws/aws-cdk-go/awscdk.aws_lambda.Function, github.com/aws/aws-cdk-go/awscdk.aws_lambda.FunctionBase, github.com/aws/aws-cdk-go/awscdk.aws_lambda.LayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.LogRetention, github.com/aws/aws-cdk-go/awscdk.aws_lambda.QualifiedFunctionBase, github.com/aws/aws-cdk-go/awscdk.aws_lambda.SingletonFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.Version, github.com/aws/aws-cdk-go/awscdk.aws_lambda_go.GoFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda_nodejs.NodejsFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda_python.PythonFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda_python.PythonLayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_licensemanager.CfnGrant, github.com/aws/aws-cdk-go/awscdk.aws_licensemanager.CfnLicense, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnDestination, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnLogGroup, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnLogStream, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnMetricFilter, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnQueryDefinition, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnSubscriptionFilter, github.com/aws/aws-cdk-go/awscdk.aws_logs.CrossAccountDestination, github.com/aws/aws-cdk-go/awscdk.aws_logs.LogGroup, github.com/aws/aws-cdk-go/awscdk.aws_logs.LogRetention, github.com/aws/aws-cdk-go/awscdk.aws_logs.LogStream, github.com/aws/aws-cdk-go/awscdk.aws_logs.MetricFilter, github.com/aws/aws-cdk-go/awscdk.aws_logs.SubscriptionFilter, github.com/aws/aws-cdk-go/awscdk.aws_lookoutmetrics.CfnAlert, github.com/aws/aws-cdk-go/awscdk.aws_lookoutmetrics.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk.aws_lookoutvision.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_macie.CfnCustomDataIdentifier, github.com/aws/aws-cdk-go/awscdk.aws_macie.CfnFindingsFilter, github.com/aws/aws-cdk-go/awscdk.aws_macie.CfnSession, github.com/aws/aws-cdk-go/awscdk.aws_managedblockchain.CfnMember, github.com/aws/aws-cdk-go/awscdk.aws_managedblockchain.CfnNode, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlow, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowEntitlement, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowOutput, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowSource, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowVpcInterface, github.com/aws/aws-cdk-go/awscdk.aws_mediaconvert.CfnJobTemplate, github.com/aws/aws-cdk-go/awscdk.aws_mediaconvert.CfnPreset, github.com/aws/aws-cdk-go/awscdk.aws_mediaconvert.CfnQueue, github.com/aws/aws-cdk-go/awscdk.aws_medialive.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_medialive.CfnInput, github.com/aws/aws-cdk-go/awscdk.aws_medialive.CfnInputSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnAsset, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnOriginEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnPackagingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnPackagingGroup, github.com/aws/aws-cdk-go/awscdk.aws_mediastore.CfnContainer, github.com/aws/aws-cdk-go/awscdk.aws_msk.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_msk.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_mwaa.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.DatabaseClusterBase, github.com/aws/aws-cdk-go/awscdk.aws_neptune.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_neptune.ParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.SubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnFirewall, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnFirewallPolicy, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnLoggingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnCustomerGatewayAssociation, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnDevice, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnGlobalNetwork, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnLink, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnLinkAssociation, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnSite, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnTransitGatewayRegistration, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnLaunchProfile, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnStreamingImage, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnStudio, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnStudioComponent, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnElasticLoadBalancerAttachment, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnInstance, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnLayer, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnStack, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnVolume, github.com/aws/aws-cdk-go/awscdk.aws_opsworkscm.CfnServer, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnADMChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSSandboxChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSVoipChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSVoipSandboxChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnApplicationSettings, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnBaiduChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnCampaign, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnEmailChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnEmailTemplate, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnEventStream, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnGCMChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnPushTemplate, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnSMSChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnSegment, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnSmsTemplate, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnVoiceChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnDedicatedIpPool, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnIdentity, github.com/aws/aws-cdk-go/awscdk.aws_qldb.CfnLedger, github.com/aws/aws-cdk-go/awscdk.aws_qldb.CfnStream, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnAnalysis, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnDashboard, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnDataSet, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnDataSource, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnTemplate, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnTheme, github.com/aws/aws-cdk-go/awscdk.aws_ram.CfnResourceShare, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBProxy, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBProxyEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBProxyTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnGlobalCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnOptionGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseClusterBase, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseClusterFromSnapshot, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstanceBase, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstanceFromSnapshot, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstanceReadReplica, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseProxy, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk.aws_rds.OptionGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.ParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.ServerlessCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.SubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_redshift.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.ClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk.aws_resourcegroups.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnFleet, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnRobot, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnRobotApplication, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnRobotApplicationVersion, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnSimulationApplication, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnSimulationApplicationVersion, github.com/aws/aws-cdk-go/awscdk.aws_route53.ARecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.AaaaRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CaaAmazonRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CaaRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnDNSSEC, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnHealthCheck, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnKeySigningKey, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnRecordSet, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnRecordSetGroup, github.com/aws/aws-cdk-go/awscdk.aws_route53.CnameRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CrossAccountZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.HostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.MxRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.NsRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.PrivateHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.PublicHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.RecordSet, github.com/aws/aws-cdk-go/awscdk.aws_route53.SrvRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.TxtRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.VpcEndpointServiceDomainName, github.com/aws/aws-cdk-go/awscdk.aws_route53.ZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53_patterns.HttpsRedirect, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnFirewallDomainList, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnFirewallRuleGroup, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnFirewallRuleGroupAssociation, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverDNSSECConfig, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverQueryLoggingConfig, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverQueryLoggingConfigAssociation, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverRule, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverRuleAssociation, github.com/aws/aws-cdk-go/awscdk.aws_s3.Bucket, github.com/aws/aws-cdk-go/awscdk.aws_s3.BucketPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnBucket, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnStorageLens, github.com/aws/aws-cdk-go/awscdk.aws_s3_assets.Asset, github.com/aws/aws-cdk-go/awscdk.aws_s3_deployment.BucketDeployment, github.com/aws/aws-cdk-go/awscdk.aws_s3objectlambda.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_s3objectlambda.CfnAccessPointPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnBucket, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnAppImageConfig, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnCodeRepository, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDataQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDevice, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDeviceFleet, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnEndpointConfig, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnFeatureGroup, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnImage, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnImageVersion, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModel, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelBiasJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelExplainabilityJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelPackageGroup, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnMonitoringSchedule, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnNotebookInstance, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnNotebookInstanceLifecycleConfig, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnWorkteam, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnApi, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnFunction, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnSimpleTable, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk.aws_sdb.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnResourcePolicy, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnRotationSchedule, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnSecret, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnSecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.ResourcePolicy, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.RotationSchedule, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.Secret, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.SecretRotation, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.SecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk.aws_securityhub.CfnHub, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnAcceptedPortfolioShare, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnCloudFormationProduct, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnCloudFormationProvisionedProduct, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnLaunchNotificationConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnLaunchRoleConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnLaunchTemplateConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolio, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolioPrincipalAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolioProductAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolioShare, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnResourceUpdateConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnServiceAction, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnServiceActionAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnStackSetConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnTagOption, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnTagOptionAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnAttributeGroup, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnAttributeGroupAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnResourceAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.AliasTargetInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnHttpNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnService, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CnameInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.HttpNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.InstanceBase, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IpInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.NonIpInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.PrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.PublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.Service, github.com/aws/aws-cdk-go/awscdk.aws_ses.AllowListReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnContactList, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ses.DropSpamReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.ReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_ses.ReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.ReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_ses.WhiteListReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_signer.CfnProfilePermission, github.com/aws/aws-cdk-go/awscdk.aws_signer.CfnSigningProfile, github.com/aws/aws-cdk-go/awscdk.aws_signer.SigningProfile, github.com/aws/aws-cdk-go/awscdk.aws_sns.CfnSubscription, github.com/aws/aws-cdk-go/awscdk.aws_sns.CfnTopic, github.com/aws/aws-cdk-go/awscdk.aws_sns.CfnTopicPolicy, github.com/aws/aws-cdk-go/awscdk.aws_sns.Subscription, github.com/aws/aws-cdk-go/awscdk.aws_sns.Topic, github.com/aws/aws-cdk-go/awscdk.aws_sns.TopicBase, github.com/aws/aws-cdk-go/awscdk.aws_sns.TopicPolicy, github.com/aws/aws-cdk-go/awscdk.aws_sqs.CfnQueue, github.com/aws/aws-cdk-go/awscdk.aws_sqs.CfnQueuePolicy, github.com/aws/aws-cdk-go/awscdk.aws_sqs.Queue, github.com/aws/aws-cdk-go/awscdk.aws_sqs.QueueBase, github.com/aws/aws-cdk-go/awscdk.aws_sqs.QueuePolicy, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnDocument, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnMaintenanceWindow, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnMaintenanceWindowTarget, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnMaintenanceWindowTask, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnPatchBaseline, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnResourceDataSync, github.com/aws/aws-cdk-go/awscdk.aws_ssm.StringListParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.StringParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssmcontacts.CfnContact, github.com/aws/aws-cdk-go/awscdk.aws_ssmcontacts.CfnContactChannel, github.com/aws/aws-cdk-go/awscdk.aws_ssmincidents.CfnReplicationSet, github.com/aws/aws-cdk-go/awscdk.aws_ssmincidents.CfnResponsePlan, github.com/aws/aws-cdk-go/awscdk.aws_sso.CfnAssignment, github.com/aws/aws-cdk-go/awscdk.aws_sso.CfnInstanceAccessControlAttributeConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_sso.CfnPermissionSet, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Activity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.CfnActivity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Choice, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.CustomState, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Fail, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Map, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Parallel, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Pass, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.State, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.StateMachine, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.StateMachineFragment, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Succeed, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Task, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.TaskStateBase, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Wait, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaGetQueryExecution, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaGetQueryResults, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaStartQueryExecution, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaStopQueryExecution, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.BatchSubmitJob, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.CallApiGatewayHttpApiEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.CallApiGatewayRestApiEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.CodeBuildStartBuild, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoDeleteItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoGetItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoPutItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoUpdateItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EcsRunTask, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EksCall, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrAddStep, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrCancelStep, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrCreateCluster, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrModifyInstanceFleetByName, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrModifyInstanceGroupByName, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrSetClusterTerminationProtection, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrTerminateCluster, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EvaluateExpression, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.GlueDataBrewStartJobRun, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.GlueStartJobRun, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.LambdaInvoke, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateEndpointConfig, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateModel, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateTrainingJob, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateTransformJob, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerUpdateEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SnsPublish, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SqsSendMessage, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.StepFunctionsInvokeActivity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.StepFunctionsStartExecution, github.com/aws/aws-cdk-go/awscdk.aws_synthetics.Canary, github.com/aws/aws-cdk-go/awscdk.aws_synthetics.CfnCanary, github.com/aws/aws-cdk-go/awscdk.aws_timestream.CfnDatabase, github.com/aws/aws-cdk-go/awscdk.aws_timestream.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_transfer.CfnServer, github.com/aws/aws-cdk-go/awscdk.aws_transfer.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnRule, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnWebACL, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnGeoMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnRateBasedRule, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnRule, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnWebACL, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnWebACL, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk.aws_workspaces.CfnConnectionAlias, github.com/aws/aws-cdk-go/awscdk.aws_workspaces.CfnWorkspace, github.com/aws/aws-cdk-go/awscdk.aws_xray.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_xray.CfnSamplingRule, github.com/aws/aws-cdk-go/awscdk.cloudformation_include.CfnInclude, github.com/aws/aws-cdk-go/awscdk.custom_resources.AwsCustomResource, github.com/aws/aws-cdk-go/awscdk.custom_resources.Provider, github.com/aws/aws-cdk-go/awscdk.lambda_layer_awscli.AwsCliLayer, github.com/aws/aws-cdk-go/awscdk.lambda_layer_kubectl.KubectlLayer, github.com/aws/aws-cdk-go/awscdk.pipelines.CdkPipeline, github.com/aws/aws-cdk-go/awscdk.pipelines.CdkStage, github.com/aws/aws-cdk-go/awscdk.pipelines.PublishAssetsAction, github.com/aws/aws-cdk-go/awscdk.pipelines.UpdatePipelineAction, github.com/aws/aws-cdk-go/awscdk.App, github.com/aws/aws-cdk-go/awscdk.AssetStaging, github.com/aws/aws-cdk-go/awscdk.CfnCodeDeployBlueGreenHook, github.com/aws/aws-cdk-go/awscdk.CfnCondition, github.com/aws/aws-cdk-go/awscdk.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk.CfnElement, github.com/aws/aws-cdk-go/awscdk.CfnHook, github.com/aws/aws-cdk-go/awscdk.CfnInclude, github.com/aws/aws-cdk-go/awscdk.CfnJson, github.com/aws/aws-cdk-go/awscdk.CfnMacro, github.com/aws/aws-cdk-go/awscdk.CfnMapping, github.com/aws/aws-cdk-go/awscdk.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk.CfnOutput, github.com/aws/aws-cdk-go/awscdk.CfnParameter, github.com/aws/aws-cdk-go/awscdk.CfnRefElement, github.com/aws/aws-cdk-go/awscdk.CfnResource, github.com/aws/aws-cdk-go/awscdk.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk.CfnRule, github.com/aws/aws-cdk-go/awscdk.CfnStack, github.com/aws/aws-cdk-go/awscdk.CfnStackSet, github.com/aws/aws-cdk-go/awscdk.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk.Construct, github.com/aws/aws-cdk-go/awscdk.CustomResource, github.com/aws/aws-cdk-go/awscdk.CustomResourceProvider, github.com/aws/aws-cdk-go/awscdk.NestedStack, github.com/aws/aws-cdk-go/awscdk.Resource, github.com/aws/aws-cdk-go/awscdk.Stack, github.com/aws/aws-cdk-go/awscdk.Stage, github.com/aws/aws-cdk-go/awscdkawsecr.IRepository, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.IEventBus, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.IRule, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IGroup, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IIdentity, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IOpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IResourceWithPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.ISamlProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IUser, github.com/aws/aws-cdk-go/awscdk/awscdkcore.IConstruct, github.com/aws/aws-cdk-go/awscdk/awscdkcore.IResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.ICertificateAuthority, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IGatewayResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IRequestValidator, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IStage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IVpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.IScalableTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.IAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.ILifecycleHook, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.IBackupPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.IBackupVault, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.ICertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_chatbot.ISlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IKeyGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IPublicKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.IAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.IProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.IReportGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codecommit.IRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IEcsApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IEcsDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ILambdaApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ILambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IServerApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeguruprofiler.IProfilingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.IPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline_actions.IJenkinsProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolClient, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.IRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.ITable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IFlowLog, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IGatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IInterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ILaunchTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.INetworkAcl, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.INetworkAclEntry, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IPrivateSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IPublicSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVolume, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpcEndpointService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpnGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.IRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IBaseService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ICluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IEc2TaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IFargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ITaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.IAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.IFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.INodegroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.IApplicationListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.IApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.IApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ILoadBalancerV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.INetworkListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.INetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.INetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ITargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticsearch.IDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.IEventBus, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.IRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.IAccelerator, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.IEndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.IListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IResourceWithPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.ISamlProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.IStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ICodeSigningConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IEventSourceMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IScalableFunctionAttribute, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.ILogGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.ILogStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IDatabaseProxy, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IOptionGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IServerlessCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.ISubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IPrivateHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IPublicHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IRecordSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.IBucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.ISecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.ISecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IHttpNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.INamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.IReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.IReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.ISigningProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.ITopic, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.IQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.IParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.IStringListParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.IStringParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.IActivity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.IStateMachine, github.com/aws/aws-cdk-go/awscdk/v2.IResource, IConstruct, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.ICertificateAuthority, github.com/aws/aws-cdk-go/awscdk.aws_amplify.IApp, github.com/aws/aws-cdk-go/awscdk.aws_amplify.IBranch, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IGatewayResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IRequestValidator, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IResource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IStage, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IApiMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketStage, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.IScalableTarget, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IMesh, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualGateway, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualNode, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualRouter, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualService, github.com/aws/aws-cdk-go/awscdk.aws_appsync.IAppsyncFunction, github.com/aws/aws-cdk-go/awscdk.aws_appsync.IGraphqlApi, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.IAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.ILifecycleHook, github.com/aws/aws-cdk-go/awscdk.aws_backup.IBackupPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.IBackupVault, github.com/aws/aws-cdk-go/awscdk.aws_batch.IComputeEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_batch.IJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_batch.IJobQueue, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.ICertificate, github.com/aws/aws-cdk-go/awscdk.aws_chatbot.ISlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_cloud9.IEc2Environment, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IKeyGroup, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IPublicKey, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.IAlarm, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.IProject, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.IReportGroup, github.com/aws/aws-cdk-go/awscdk.aws_codecommit.IRepository, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IEcsApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IEcsDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ILambdaApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ILambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IServerApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codeguruprofiler.IProfilingGroup, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.IPipeline, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline_actions.IJenkinsProvider, github.com/aws/aws-cdk-go/awscdk.aws_codestar.IGitHubRepository, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolClient, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolDomain, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk.aws_config.IRule, github.com/aws/aws-cdk-go/awscdk.aws_docdb.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_docdb.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.ITable, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IFlowLog, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IGatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IInstance, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IInterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ILaunchTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ec2.INetworkAcl, github.com/aws/aws-cdk-go/awscdk.aws_ec2.INetworkAclEntry, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IPrivateSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IPublicSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVolume, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpcEndpointService, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpnConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpnGateway, github.com/aws/aws-cdk-go/awscdk.aws_ecr.IRepository, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IBaseService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IEc2TaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IFargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ITaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_efs.IAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_efs.IFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.INodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.IApplicationListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.IApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.IApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ILoadBalancerV2, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.INetworkListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.INetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.INetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ITargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticsearch.IDomain, github.com/aws/aws-cdk-go/awscdk.aws_events.IEventBus, github.com/aws/aws-cdk-go/awscdk.aws_events.IRule, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.IAccelerator, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.IEndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.IListener, github.com/aws/aws-cdk-go/awscdk.aws_glue.IConnection, github.com/aws/aws-cdk-go/awscdk.aws_glue.IDatabase, github.com/aws/aws-cdk-go/awscdk.aws_glue.ISecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_glue.ITable, github.com/aws/aws-cdk-go/awscdk.aws_iam.IGroup, github.com/aws/aws-cdk-go/awscdk.aws_iam.IIdentity, github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.IPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.IResourceWithPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.ISamlProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.IUser, github.com/aws/aws-cdk-go/awscdk.aws_ivs.IChannel, github.com/aws/aws-cdk-go/awscdk.aws_ivs.IPlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk.aws_ivs.IStreamKey, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.IStream, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics_flink.IApplication, github.com/aws/aws-cdk-go/awscdk.aws_kms.IAlias, github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IAlias, github.com/aws/aws-cdk-go/awscdk.aws_lambda.ICodeSigningConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IEventSourceMapping, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IScalableFunctionAttribute, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IVersion, github.com/aws/aws-cdk-go/awscdk.aws_logs.ILogGroup, github.com/aws/aws-cdk-go/awscdk.aws_logs.ILogStream, github.com/aws/aws-cdk-go/awscdk.aws_msk.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.ISubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_rds.IDatabaseProxy, github.com/aws/aws-cdk-go/awscdk.aws_rds.IOptionGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.IParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.IServerlessCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.ISubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_redshift.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.IClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_route53.IHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.IPrivateHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.IPublicHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.IRecordSet, github.com/aws/aws-cdk-go/awscdk.aws_s3.IBucket, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.ISecret, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.ISecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IHttpNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.INamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IService, github.com/aws/aws-cdk-go/awscdk.aws_ses.IReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.IReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_signer.ISigningProfile, github.com/aws/aws-cdk-go/awscdk.aws_sns.ITopic, github.com/aws/aws-cdk-go/awscdk.aws_sqs.IQueue, github.com/aws/aws-cdk-go/awscdk.aws_ssm.IParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.IStringListParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.IStringParameter, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.IActivity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.IStateMachine, github.com/aws/aws-cdk-go/awscdk.IConstruct, github.com/aws/aws-cdk-go/awscdk.IResource Represents a construct. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* Node The tree node. --- ### IDependable - *Implemented By:* github.com/aws/aws-cdk-go/awscdkawsecr.CfnPublicRepository, github.com/aws/aws-cdk-go/awscdkawsecr.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdkawsecr.CfnReplicationConfiguration, github.com/aws/aws-cdk-go/awscdkawsecr.CfnRepository, github.com/aws/aws-cdk-go/awscdkawsecr.Repository, github.com/aws/aws-cdk-go/awscdkawsecr.RepositoryBase, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.Archive, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnApiDestination, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnArchive, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnConnection, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnEventBus, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnEventBusPolicy, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.CfnRule, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.EventBus, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.Rule, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnAccessKey, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnGroup, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnInstanceProfile, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnManagedPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnOIDCProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnSAMLProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnServerCertificate, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnServiceLinkedRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnUser, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnUserToGroupAddition, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.CfnVirtualMFADevice, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.Group, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.LazyRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.ManagedPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.Policy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.Role, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.SamlProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.User, github.com/aws/aws-cdk-go/awscdk/awscdkcore.App, github.com/aws/aws-cdk-go/awscdk/awscdkcore.AssetStaging, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnCodeDeployBlueGreenHook, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnCondition, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnElement, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnHook, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnInclude, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnJson, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnMacro, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnMapping, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnOutput, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnParameter, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnRefElement, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnResource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnRule, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnStack, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnStackSet, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Construct, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CustomResource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.CustomResourceProvider, github.com/aws/aws-cdk-go/awscdk/awscdkcore.NestedStack, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Resource, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Stack, github.com/aws/aws-cdk-go/awscdk/awscdkcore.Stage, github.com/aws/aws-cdk-go/awscdk/v2.alexa_ask.CfnSkill, github.com/aws/aws-cdk-go/awscdk/v2.aws_accessanalyzer.CfnAnalyzer, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.CfnCertificateAuthority, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.CfnCertificateAuthorityActivation, github.com/aws/aws-cdk-go/awscdk/v2.aws_amazonmq.CfnBroker, github.com/aws/aws-cdk-go/awscdk/v2.aws_amazonmq.CfnConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_amazonmq.CfnConfigurationAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_amplify.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_amplify.CfnBranch, github.com/aws/aws-cdk-go/awscdk/v2.aws_amplify.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.ApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Authorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.BasePathMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnBasePathMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnClientCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDocumentationPart, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDocumentationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnGatewayResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnMethod, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnRequestValidator, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnStage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnUsagePlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnUsagePlanKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.CognitoUserPoolsAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Deployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.DomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.GatewayResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.LambdaRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Method, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Model, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.ProxyResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RateLimitedApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RequestAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RequestValidator, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Resource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.ResourceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.RestApiBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.SpecRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.Stage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.TokenAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.UsagePlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.VpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnApiGatewayManagedOverrides, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnApiMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnIntegration, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnIntegrationResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnRouteResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnStage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigatewayv2.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnConfigurationProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnDeploymentStrategy, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_appconfig.CfnHostedConfigurationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_appflow.CfnConnectorProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_appflow.CfnFlow, github.com/aws/aws-cdk-go/awscdk/v2.aws_appintegrations.CfnEventIntegration, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.BaseScalableAttribute, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.CfnScalableTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.ScalableTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationinsights.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnGatewayRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnMesh, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualNode, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualRouter, github.com/aws/aws-cdk-go/awscdk/v2.aws_appmesh.CfnVirtualService, github.com/aws/aws-cdk-go/awscdk/v2.aws_apprunner.CfnService, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnDirectoryConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnImageBuilder, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnStackFleetAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnStackUserAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_appstream.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnApiCache, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnFunctionConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnGraphQLApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnGraphQLSchema, github.com/aws/aws-cdk-go/awscdk/v2.aws_appsync.CfnResolver, github.com/aws/aws-cdk-go/awscdk/v2.aws_athena.CfnDataCatalog, github.com/aws/aws-cdk-go/awscdk/v2.aws_athena.CfnNamedQuery, github.com/aws/aws-cdk-go/awscdk/v2.aws_athena.CfnWorkGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_auditmanager.CfnAssessment, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnLaunchConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnLifecycleHook, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnScheduledAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.CfnWarmPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.LifecycleHook, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.ScheduledAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscalingplans.CfnScalingPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.BackupPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.BackupSelection, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.BackupVault, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.CfnBackupPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.CfnBackupSelection, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.CfnBackupVault, github.com/aws/aws-cdk-go/awscdk/v2.aws_batch.CfnComputeEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_batch.CfnJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_batch.CfnJobQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_budgets.CfnBudget, github.com/aws/aws-cdk-go/awscdk/v2.aws_budgets.CfnBudgetsAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_cassandra.CfnKeyspace, github.com/aws/aws-cdk-go/awscdk/v2.aws_cassandra.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ce.CfnAnomalyMonitor, github.com/aws/aws-cdk-go/awscdk/v2.aws_ce.CfnAnomalySubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_ce.CfnCostCategory, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.Certificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.CfnAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.DnsValidatedCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_chatbot.CfnSlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_chatbot.SlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloud9.CfnEnvironmentEC2, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnMacro, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnStackSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudformation.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.experimental.EdgeFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CachePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnCachePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnCloudFrontOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnKeyGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnOriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnPublicKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnRealtimeLogConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CfnStreamingDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.CloudFrontWebDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.Distribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.KeyGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.OriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.OriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.PublicKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudtrail.CfnTrail, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudtrail.Trail, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.Alarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.AlarmBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnCompositeAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnDashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnInsightRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CfnMetricStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.CompositeAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.Dashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeartifact.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeartifact.CfnRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.BitBucketSourceCredentials, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.CfnReportGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.CfnSourceCredential, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.GitHubEnterpriseSourceCredentials, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.GitHubSourceCredentials, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.PipelineProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.Project, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.ReportGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.UntrustedCodeBoundaryPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_codecommit.CfnRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codecommit.Repository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CfnDeploymentConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CfnDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.CustomLambdaDeploymentConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.EcsApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.LambdaApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.LambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ServerApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ServerDeploymentConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeguruprofiler.CfnProfilingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeguruprofiler.ProfilingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codegurureviewer.CfnRepositoryAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.CfnCustomActionType, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.CfnWebhook, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.Pipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline_actions.BaseJenkinsProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline_actions.JenkinsProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_codestar.CfnGitHubRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codestarconnections.CfnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_codestarnotifications.CfnNotificationRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnIdentityPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnIdentityPoolRoleAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolClient, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolRiskConfigurationAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolUICustomizationAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.CfnUserPoolUserToGroupAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolClient, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderAmazon, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderApple, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderFacebook, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolIdentityProviderGoogle, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.UserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.AccessKeysRotated, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnAggregationAuthorization, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConfigRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConfigurationAggregator, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConfigurationRecorder, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnConformancePack, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnDeliveryChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnOrganizationConfigRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnOrganizationConformancePack, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnRemediationConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CfnStoredQuery, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CloudFormationStackDriftDetectionCheck, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CloudFormationStackNotificationCheck, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.CustomRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.ManagedRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_customerprofiles.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_customerprofiles.CfnIntegration, github.com/aws/aws-cdk-go/awscdk/v2.aws_customerprofiles.CfnObjectType, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnDataset, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnRecipe, github.com/aws/aws-cdk-go/awscdk/v2.aws_databrew.CfnSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_datapipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnAgent, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationEFS, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationFSxWindows, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationNFS, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationObjectStorage, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationS3, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnLocationSMB, github.com/aws/aws-cdk-go/awscdk/v2.aws_datasync.CfnTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_dax.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_dax.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_dax.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_detective.CfnGraph, github.com/aws/aws-cdk-go/awscdk/v2.aws_detective.CfnMemberInvitation, github.com/aws/aws-cdk-go/awscdk/v2.aws_devopsguru.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_devopsguru.CfnResourceCollection, github.com/aws/aws-cdk-go/awscdk/v2.aws_directoryservice.CfnMicrosoftAD, github.com/aws/aws-cdk-go/awscdk/v2.aws_directoryservice.CfnSimpleAD, github.com/aws/aws-cdk-go/awscdk/v2.aws_dlm.CfnLifecyclePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnReplicationInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnReplicationSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_dms.CfnReplicationTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.CfnGlobalTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.Table, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.BastionHostLinux, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnCapacityReservation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnCarrierGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnClientVpnTargetNetworkAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnCustomerGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnDHCPOptions, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEC2Fleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEIP, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEIPAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEgressOnlyInternetGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnEnclaveCertificateIamRoleAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnFlowLog, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnHost, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnInternetGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnLaunchTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnLocalGatewayRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnLocalGatewayRouteTableVPCAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNatGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkAcl, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkAclEntry, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInsightsAnalysis, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInsightsPath, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInterface, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInterfaceAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnNetworkInterfacePermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnPlacementGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnPrefixList, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnRouteTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSecurityGroupEgress, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSpotFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnetCidrBlock, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnSubnetRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorFilterRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorSession, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTrafficMirrorTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayConnect, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastDomainAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastGroupMember, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayMulticastGroupSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayPeeringAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRouteTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnTransitGatewayRouteTablePropagation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPC, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCCidrBlock, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCDHCPOptionsAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpointConnectionNotification, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpointService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCEndpointServicePermissions, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCGatewayAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPCPeeringConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNConnectionRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVPNGatewayRoutePropagation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVolume, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.CfnVolumeAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ClientVpnRoute, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.FlowLog, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.GatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Instance, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.LaunchTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.NetworkAcl, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.NetworkAclEntry, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.PrivateSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.PublicSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Subnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Volume, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Vpc, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpcEndpointService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.VpnGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnPublicRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnReplicationConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.CfnRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.Repository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.RepositoryBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr_assets.DockerImageAsset, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.AsgCapacityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.BaseService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnCapacityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnClusterCapacityProviderAssociations, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnPrimaryTaskSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.CfnTaskSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.Cluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ContainerDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.Ec2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.Ec2TaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.FargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.FargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.FirelensLogRouter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.LinuxParameters, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ScalableTaskCount, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.TaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ApplicationMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.NetworkMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.QueueProcessingEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.QueueProcessingFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.QueueProcessingServiceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ScheduledEc2Task, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ScheduledFargateTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs_patterns.ScheduledTaskBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.AccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.CfnMountTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.FileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.AwsAuth, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnAddon, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnFargateProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CfnNodegroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Cluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.FargateCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.FargateProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.HelmChart, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesManifest, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesObjectValue, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesPatch, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Nodegroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ServiceAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnCacheCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnGlobalReplicationGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnReplicationGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticache.CfnUserGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnApplicationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnConfigurationTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticbeanstalk.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancing.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancing.LoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationListenerCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationListenerRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.BaseListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.BaseLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnListenerCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnListenerRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.CfnTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.NetworkListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.NetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.NetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.TargetGroupBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticsearch.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticsearch.Domain, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnInstanceFleetConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnInstanceGroupConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnStep, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnStudio, github.com/aws/aws-cdk-go/awscdk/v2.aws_emr.CfnStudioSessionMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_emrcontainers.CfnVirtualCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.Archive, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnApiDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnArchive, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnEventBus, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnEventBusPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.EventBus, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.Rule, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnDiscoverer, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnRegistry, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_eventschemas.CfnSchema, github.com/aws/aws-cdk-go/awscdk/v2.aws_finspace.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_fis.CfnExperimentTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_fms.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_fms.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnEntityType, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnEventType, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnLabel, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnOutcome, github.com/aws/aws-cdk-go/awscdk/v2.aws_frauddetector.CfnVariable, github.com/aws/aws-cdk-go/awscdk/v2.aws_fsx.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_fsx.FileSystemBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_fsx.LustreFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnBuild, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnGameServerGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnGameSessionQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnMatchmakingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnMatchmakingRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_gamelift.CfnScript, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.Accelerator, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.CfnAccelerator, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.CfnEndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.CfnListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.EndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.Listener, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnClassifier, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnCrawler, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnDataCatalogEncryptionSettings, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnDatabase, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnDevEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnMLTransform, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnPartition, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnRegistry, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSchema, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSchemaVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSchemaVersionMetadata, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnTrigger, github.com/aws/aws-cdk-go/awscdk/v2.aws_glue.CfnWorkflow, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnConnectorDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnConnectorDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnCoreDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnCoreDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnDeviceDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnDeviceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnFunctionDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnFunctionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnGroupVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnLoggerDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnLoggerDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnResourceDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnResourceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnSubscriptionDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrass.CfnSubscriptionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_greengrassv2.CfnComponentVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_groundstation.CfnConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_groundstation.CfnDataflowEndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_groundstation.CfnMissionProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnMaster, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnMember, github.com/aws/aws-cdk-go/awscdk/v2.aws_guardduty.CfnThreatIntelSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnAccessKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnInstanceProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnManagedPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnOIDCProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnSAMLProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnServerCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnServiceLinkedRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnUserToGroupAddition, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CfnVirtualMFADevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.CompositeDependable, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Grant, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Group, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.LazyRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.ManagedPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Policy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Role, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.SamlProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.User, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnComponent, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnContainerRecipe, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnDistributionConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnImage, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnImagePipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnImageRecipe, github.com/aws/aws-cdk-go/awscdk/v2.aws_imagebuilder.CfnInfrastructureConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_inspector.CfnAssessmentTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_inspector.CfnAssessmentTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_inspector.CfnResourceGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnAccountAuditConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnCertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnCustomMetric, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnDimension, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnDomainConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnMitigationAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnPolicyPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnProvisioningTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnScheduledAudit, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnSecurityProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnThing, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnThingPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnTopicRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot.CfnTopicRuleDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot1click.CfnDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot1click.CfnPlacement, github.com/aws/aws-cdk-go/awscdk/v2.aws_iot1click.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnDataset, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnDatastore, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotanalytics.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotcoredeviceadvisor.CfnSuiteDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotevents.CfnDetectorModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotevents.CfnInput, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotfleethub.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnAccessPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnAsset, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnAssetModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnDashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnPortal, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotsitewise.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotthingsgraph.CfnFlowTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnDeviceProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnPartnerAccount, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnServiceProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnWirelessDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_iotwireless.CfnWirelessGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnPlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnRecordingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_ivs.CfnStreamKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_kendra.CfnDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_kendra.CfnFaq, github.com/aws/aws-cdk-go/awscdk/v2.aws_kendra.CfnIndex, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.CfnStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.CfnStreamConsumer, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.Stream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationOutput, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationOutputV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationReferenceDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationReferenceDataSourceV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisanalytics.CfnApplicationV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesisfirehose.CfnDeliveryStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.Alias, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.CfnAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.CfnKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.Key, github.com/aws/aws-cdk-go/awscdk/v2.aws_lakeformation.CfnDataLakeSettings, github.com/aws/aws-cdk-go/awscdk/v2.aws_lakeformation.CfnPermissions, github.com/aws/aws-cdk-go/awscdk/v2.aws_lakeformation.CfnResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.Alias, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnCodeSigningConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnEventInvokeConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnEventSourceMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnLayerVersionPermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnPermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CfnVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.CodeSigningConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.DockerImageFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.EventInvokeConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.EventSourceMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.Function, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.FunctionBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.LayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.QualifiedFunctionBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.SingletonFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.Version, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda_nodejs.NodejsFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_licensemanager.CfnGrant, github.com/aws/aws-cdk-go/awscdk/v2.aws_licensemanager.CfnLicense, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnLogGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnLogStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnMetricFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnQueryDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CfnSubscriptionFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.CrossAccountDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.LogGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.LogRetention, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.LogStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.MetricFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.SubscriptionFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_lookoutmetrics.CfnAlert, github.com/aws/aws-cdk-go/awscdk/v2.aws_lookoutmetrics.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk/v2.aws_lookoutvision.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_macie.CfnCustomDataIdentifier, github.com/aws/aws-cdk-go/awscdk/v2.aws_macie.CfnFindingsFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_macie.CfnSession, github.com/aws/aws-cdk-go/awscdk/v2.aws_managedblockchain.CfnMember, github.com/aws/aws-cdk-go/awscdk/v2.aws_managedblockchain.CfnNode, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlow, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowEntitlement, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowOutput, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconnect.CfnFlowVpcInterface, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconvert.CfnJobTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconvert.CfnPreset, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediaconvert.CfnQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_medialive.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_medialive.CfnInput, github.com/aws/aws-cdk-go/awscdk/v2.aws_medialive.CfnInputSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnAsset, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnOriginEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnPackagingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediapackage.CfnPackagingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_mediastore.CfnContainer, github.com/aws/aws-cdk-go/awscdk/v2.aws_msk.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_mwaa.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_neptune.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnFirewall, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnFirewallPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnLoggingConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkfirewall.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnCustomerGatewayAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnGlobalNetwork, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnLinkAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnSite, github.com/aws/aws-cdk-go/awscdk/v2.aws_networkmanager.CfnTransitGatewayRegistration, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnLaunchProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnStreamingImage, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnStudio, github.com/aws/aws-cdk-go/awscdk/v2.aws_nimblestudio.CfnStudioComponent, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnElasticLoadBalancerAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnLayer, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworks.CfnVolume, github.com/aws/aws-cdk-go/awscdk/v2.aws_opsworkscm.CfnServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnADMChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSSandboxChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSVoipChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnAPNSVoipSandboxChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnApplicationSettings, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnBaiduChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnCampaign, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnEmailChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnEmailTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnEventStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnGCMChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnPushTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnSMSChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnSegment, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnSmsTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpoint.CfnVoiceChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnDedicatedIpPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_pinpointemail.CfnIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_qldb.CfnLedger, github.com/aws/aws-cdk-go/awscdk/v2.aws_qldb.CfnStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnAnalysis, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnDashboard, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnDataSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnDataSource, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_quicksight.CfnTheme, github.com/aws/aws-cdk-go/awscdk/v2.aws_ram.CfnResourceShare, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBProxy, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBProxyEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBProxyTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnGlobalCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.CfnOptionGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseClusterBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseClusterFromSnapshot, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstanceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstanceFromSnapshot, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseInstanceReadReplica, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseProxy, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.OptionGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.ParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.ServerlessCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.SubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterSecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk/v2.aws_redshift.CfnClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_resourcegroups.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnRobot, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnRobotApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnRobotApplicationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnSimulationApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_robomaker.CfnSimulationApplicationVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.ARecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.AaaaRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CaaAmazonRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CaaRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnDNSSEC, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnHealthCheck, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnKeySigningKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnRecordSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CfnRecordSetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CnameRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.CrossAccountZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.HostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.MxRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.NsRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.PrivateHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.PublicHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.RecordSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.SrvRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.TxtRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.VpcEndpointServiceDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.ZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53_patterns.HttpsRedirect, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnFirewallDomainList, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnFirewallRuleGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnFirewallRuleGroupAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverDNSSECConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverQueryLoggingConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverQueryLoggingConfigAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53resolver.CfnResolverRuleAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.Bucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.BucketPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnBucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.CfnStorageLens, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3_assets.Asset, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3_deployment.BucketDeployment, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3objectlambda.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3objectlambda.CfnAccessPointPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnBucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3outposts.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnApp, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnAppImageConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnCodeRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDataQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDevice, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDeviceFleet, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnEndpointConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnFeatureGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnImage, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnImageVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelBiasJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelExplainabilityJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelPackageGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnModelQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnMonitoringSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnNotebookInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnNotebookInstanceLifecycleConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_sagemaker.CfnWorkteam, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnSimpleTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_sam.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk/v2.aws_sdb.CfnDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnResourcePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnRotationSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnSecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.CfnSecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.ResourcePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.RotationSchedule, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.Secret, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.SecretRotation, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.SecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_securityhub.CfnHub, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnAcceptedPortfolioShare, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnCloudFormationProduct, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnCloudFormationProvisionedProduct, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnLaunchNotificationConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnLaunchRoleConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnLaunchTemplateConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolio, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolioPrincipalAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolioProductAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnPortfolioShare, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnResourceUpdateConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnServiceAction, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnServiceActionAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnStackSetConstraint, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnTagOption, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalog.CfnTagOptionAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnAttributeGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnAttributeGroupAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicecatalogappregistry.CfnResourceAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.AliasTargetInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnHttpNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CfnService, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.CnameInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.HttpNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.InstanceBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IpInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.NonIpInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.PrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.PublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.AllowListReceiptFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnContactList, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnReceiptFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.CfnTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.DropSpamReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.ReceiptFilter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.ReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.ReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.CfnProfilePermission, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.CfnSigningProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.SigningProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.CfnSubscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.CfnTopic, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.CfnTopicPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.Subscription, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.Topic, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.TopicBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.TopicPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.CfnQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.CfnQueuePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.Queue, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.QueueBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.QueuePolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnDocument, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnMaintenanceWindow, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnMaintenanceWindowTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnMaintenanceWindowTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnPatchBaseline, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.CfnResourceDataSync, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.StringListParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.StringParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmcontacts.CfnContact, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmcontacts.CfnContactChannel, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmincidents.CfnReplicationSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssmincidents.CfnResponsePlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_sso.CfnAssignment, github.com/aws/aws-cdk-go/awscdk/v2.aws_sso.CfnInstanceAccessControlAttributeConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_sso.CfnPermissionSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Activity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.CfnActivity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Choice, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.CustomState, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Fail, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Map, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Parallel, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Pass, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.State, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.StateMachine, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.StateMachineFragment, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Succeed, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.TaskStateBase, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.Wait, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaGetQueryExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaGetQueryResults, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaStartQueryExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.AthenaStopQueryExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.BatchSubmitJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.CallApiGatewayHttpApiEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.CallApiGatewayRestApiEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.CodeBuildStartBuild, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoDeleteItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoGetItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoPutItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.DynamoUpdateItem, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EcsRunTask, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EksCall, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrAddStep, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrCancelStep, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrCreateCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrModifyInstanceFleetByName, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrModifyInstanceGroupByName, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrSetClusterTerminationProtection, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EmrTerminateCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.EvaluateExpression, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.GlueDataBrewStartJobRun, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.GlueStartJobRun, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.LambdaInvoke, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateEndpointConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateModel, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateTrainingJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerCreateTransformJob, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SageMakerUpdateEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SnsPublish, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.SqsSendMessage, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.StepFunctionsInvokeActivity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions_tasks.StepFunctionsStartExecution, github.com/aws/aws-cdk-go/awscdk/v2.aws_synthetics.CfnCanary, github.com/aws/aws-cdk-go/awscdk/v2.aws_timestream.CfnDatabase, github.com/aws/aws-cdk-go/awscdk/v2.aws_timestream.CfnTable, github.com/aws/aws-cdk-go/awscdk/v2.aws_transfer.CfnServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_transfer.CfnUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnWebACL, github.com/aws/aws-cdk-go/awscdk/v2.aws_waf.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnGeoMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnRateBasedRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnWebACL, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafregional.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnIPSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnWebACL, github.com/aws/aws-cdk-go/awscdk/v2.aws_wafv2.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_workspaces.CfnConnectionAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_workspaces.CfnWorkspace, github.com/aws/aws-cdk-go/awscdk/v2.aws_xray.CfnGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_xray.CfnSamplingRule, github.com/aws/aws-cdk-go/awscdk/v2.cloudformation_include.CfnInclude, github.com/aws/aws-cdk-go/awscdk/v2.custom_resources.AwsCustomResource, github.com/aws/aws-cdk-go/awscdk/v2.custom_resources.Provider, github.com/aws/aws-cdk-go/awscdk/v2.lambda_layer_awscli.AwsCliLayer, github.com/aws/aws-cdk-go/awscdk/v2.lambda_layer_kubectl.KubectlLayer, github.com/aws/aws-cdk-go/awscdk/v2.App, github.com/aws/aws-cdk-go/awscdk/v2.AssetStaging, github.com/aws/aws-cdk-go/awscdk/v2.CfnCodeDeployBlueGreenHook, github.com/aws/aws-cdk-go/awscdk/v2.CfnCondition, github.com/aws/aws-cdk-go/awscdk/v2.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk/v2.CfnElement, github.com/aws/aws-cdk-go/awscdk/v2.CfnHook, github.com/aws/aws-cdk-go/awscdk/v2.CfnJson, github.com/aws/aws-cdk-go/awscdk/v2.CfnMacro, github.com/aws/aws-cdk-go/awscdk/v2.CfnMapping, github.com/aws/aws-cdk-go/awscdk/v2.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnOutput, github.com/aws/aws-cdk-go/awscdk/v2.CfnParameter, github.com/aws/aws-cdk-go/awscdk/v2.CfnRefElement, github.com/aws/aws-cdk-go/awscdk/v2.CfnResource, github.com/aws/aws-cdk-go/awscdk/v2.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk/v2.CfnRule, github.com/aws/aws-cdk-go/awscdk/v2.CfnStack, github.com/aws/aws-cdk-go/awscdk/v2.CfnStackSet, github.com/aws/aws-cdk-go/awscdk/v2.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk/v2.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk/v2.CustomResource, github.com/aws/aws-cdk-go/awscdk/v2.CustomResourceProvider, github.com/aws/aws-cdk-go/awscdk/v2.NestedStack, github.com/aws/aws-cdk-go/awscdk/v2.Resource, github.com/aws/aws-cdk-go/awscdk/v2.Stack, github.com/aws/aws-cdk-go/awscdk/v2.Stage, Construct, DependencyGroup, github.com/aws/aws-cdk-go/awscdk.alexa_ask.CfnSkill, github.com/aws/aws-cdk-go/awscdk.assets.Staging, github.com/aws/aws-cdk-go/awscdk.aws_accessanalyzer.CfnAnalyzer, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.CfnCertificateAuthority, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.CfnCertificateAuthorityActivation, github.com/aws/aws-cdk-go/awscdk.aws_amazonmq.CfnBroker, github.com/aws/aws-cdk-go/awscdk.aws_amazonmq.CfnConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_amazonmq.CfnConfigurationAssociation, github.com/aws/aws-cdk-go/awscdk.aws_amplify.App, github.com/aws/aws-cdk-go/awscdk.aws_amplify.Branch, github.com/aws/aws-cdk-go/awscdk.aws_amplify.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_amplify.CfnBranch, github.com/aws/aws-cdk-go/awscdk.aws_amplify.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_amplify.Domain, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.ApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Authorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.BasePathMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnAccount, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnApiMappingV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnApiV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnAuthorizerV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnBasePathMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnClientCertificate, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDeployment, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDeploymentV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDocumentationPart, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDocumentationVersion, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnDomainNameV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnGatewayResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnIntegrationResponseV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnIntegrationV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnMethod, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnModel, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnModelV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRequestValidator, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnResource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRouteResponseV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnRouteV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnStage, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnStageV2, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnUsagePlan, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnUsagePlanKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.CognitoUserPoolsAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Deployment, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.DomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.GatewayResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.LambdaRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Method, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Model, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.ProxyResource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RateLimitedApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RequestAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RequestValidator, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Resource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.ResourceBase, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.RestApiBase, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.SpecRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.Stage, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.TokenAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.UsagePlan, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.VpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.ApiMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnApiGatewayManagedOverrides, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnApiMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnDeployment, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnIntegrationResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnModel, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnRouteResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.CfnVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.DomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.HttpStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.VpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.WebSocketStage, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnConfigurationProfile, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnDeployment, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnDeploymentStrategy, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_appconfig.CfnHostedConfigurationVersion, github.com/aws/aws-cdk-go/awscdk.aws_appflow.CfnConnectorProfile, github.com/aws/aws-cdk-go/awscdk.aws_appflow.CfnFlow, github.com/aws/aws-cdk-go/awscdk.aws_appintegrations.CfnEventIntegration, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.BaseScalableAttribute, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.CfnScalableTarget, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.ScalableTarget, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_applicationinsights.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnMesh, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualGateway, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualNode, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualRouter, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.CfnVirtualService, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.GatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.Mesh, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.Route, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualGateway, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualNode, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualRouter, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.VirtualService, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnDirectoryConfig, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnFleet, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnImageBuilder, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnStack, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnStackFleetAssociation, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnStackUserAssociation, github.com/aws/aws-cdk-go/awscdk.aws_appstream.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_appsync.AppsyncFunction, github.com/aws/aws-cdk-go/awscdk.aws_appsync.BackedDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.BaseDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnApiCache, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnApiKey, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnFunctionConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnGraphQLApi, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnGraphQLSchema, github.com/aws/aws-cdk-go/awscdk.aws_appsync.CfnResolver, github.com/aws/aws-cdk-go/awscdk.aws_appsync.DynamoDbDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.ElasticsearchDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.GraphqlApi, github.com/aws/aws-cdk-go/awscdk.aws_appsync.GraphqlApiBase, github.com/aws/aws-cdk-go/awscdk.aws_appsync.HttpDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.LambdaDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.NoneDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.RdsDataSource, github.com/aws/aws-cdk-go/awscdk.aws_appsync.Resolver, github.com/aws/aws-cdk-go/awscdk.aws_athena.CfnDataCatalog, github.com/aws/aws-cdk-go/awscdk.aws_athena.CfnNamedQuery, github.com/aws/aws-cdk-go/awscdk.aws_athena.CfnWorkGroup, github.com/aws/aws-cdk-go/awscdk.aws_auditmanager.CfnAssessment, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnLaunchConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnLifecycleHook, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnScheduledAction, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.CfnWarmPool, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.LifecycleHook, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.ScheduledAction, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.StepScalingAction, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.StepScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.TargetTrackingScalingPolicy, github.com/aws/aws-cdk-go/awscdk.aws_autoscalingplans.CfnScalingPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.BackupPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.BackupSelection, github.com/aws/aws-cdk-go/awscdk.aws_backup.BackupVault, github.com/aws/aws-cdk-go/awscdk.aws_backup.CfnBackupPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.CfnBackupSelection, github.com/aws/aws-cdk-go/awscdk.aws_backup.CfnBackupVault, github.com/aws/aws-cdk-go/awscdk.aws_batch.CfnComputeEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_batch.CfnJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_batch.CfnJobQueue, github.com/aws/aws-cdk-go/awscdk.aws_batch.ComputeEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_batch.JobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_batch.JobQueue, github.com/aws/aws-cdk-go/awscdk.aws_budgets.CfnBudget, github.com/aws/aws-cdk-go/awscdk.aws_budgets.CfnBudgetsAction, github.com/aws/aws-cdk-go/awscdk.aws_cassandra.CfnKeyspace, github.com/aws/aws-cdk-go/awscdk.aws_cassandra.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_ce.CfnAnomalyMonitor, github.com/aws/aws-cdk-go/awscdk.aws_ce.CfnAnomalySubscription, github.com/aws/aws-cdk-go/awscdk.aws_ce.CfnCostCategory, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.Certificate, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.CfnAccount, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.DnsValidatedCertificate, github.com/aws/aws-cdk-go/awscdk.aws_chatbot.CfnSlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_chatbot.SlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_cloud9.CfnEnvironmentEC2, github.com/aws/aws-cdk-go/awscdk.aws_cloud9.Ec2Environment, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnMacro, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnStack, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnStackSet, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.CustomResource, github.com/aws/aws-cdk-go/awscdk.aws_cloudformation.NestedStack, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.experimental.EdgeFunction, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CachePolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnCachePolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnCloudFrontOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnFunction, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnKeyGroup, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnOriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnPublicKey, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnRealtimeLogConfig, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CfnStreamingDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.CloudFrontWebDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.Distribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.KeyGroup, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.OriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.OriginRequestPolicy, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.PublicKey, github.com/aws/aws-cdk-go/awscdk.aws_cloudtrail.CfnTrail, github.com/aws/aws-cdk-go/awscdk.aws_cloudtrail.Trail, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.Alarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.AlarmBase, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnAlarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnCompositeAlarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnDashboard, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnInsightRule, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CfnMetricStream, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.CompositeAlarm, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.Dashboard, github.com/aws/aws-cdk-go/awscdk.aws_codeartifact.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_codeartifact.CfnRepository, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.BitBucketSourceCredentials, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.CfnReportGroup, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.CfnSourceCredential, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.GitHubEnterpriseSourceCredentials, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.GitHubSourceCredentials, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.PipelineProject, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.Project, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.ReportGroup, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.UntrustedCodeBoundaryPolicy, github.com/aws/aws-cdk-go/awscdk.aws_codecommit.CfnRepository, github.com/aws/aws-cdk-go/awscdk.aws_codecommit.Repository, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CfnDeploymentConfig, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CfnDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.CustomLambdaDeploymentConfig, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.EcsApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.LambdaApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.LambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ServerApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ServerDeploymentConfig, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codeguruprofiler.CfnProfilingGroup, github.com/aws/aws-cdk-go/awscdk.aws_codeguruprofiler.ProfilingGroup, github.com/aws/aws-cdk-go/awscdk.aws_codegurureviewer.CfnRepositoryAssociation, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.CfnCustomActionType, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.CfnWebhook, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.Pipeline, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline_actions.BaseJenkinsProvider, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline_actions.JenkinsProvider, github.com/aws/aws-cdk-go/awscdk.aws_codestar.CfnGitHubRepository, github.com/aws/aws-cdk-go/awscdk.aws_codestar.GitHubRepository, github.com/aws/aws-cdk-go/awscdk.aws_codestarconnections.CfnConnection, github.com/aws/aws-cdk-go/awscdk.aws_codestarnotifications.CfnNotificationRule, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnIdentityPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnIdentityPoolRoleAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolClient, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolDomain, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolGroup, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolRiskConfigurationAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolUICustomizationAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolUser, github.com/aws/aws-cdk-go/awscdk.aws_cognito.CfnUserPoolUserToGroupAttachment, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolClient, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolDomain, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderAmazon, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderApple, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderFacebook, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolIdentityProviderGoogle, github.com/aws/aws-cdk-go/awscdk.aws_cognito.UserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk.aws_config.AccessKeysRotated, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnAggregationAuthorization, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConfigRule, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConfigurationAggregator, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConfigurationRecorder, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnConformancePack, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnDeliveryChannel, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnOrganizationConfigRule, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnOrganizationConformancePack, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnRemediationConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_config.CfnStoredQuery, github.com/aws/aws-cdk-go/awscdk.aws_config.CloudFormationStackDriftDetectionCheck, github.com/aws/aws-cdk-go/awscdk.aws_config.CloudFormationStackNotificationCheck, github.com/aws/aws-cdk-go/awscdk.aws_config.CustomRule, github.com/aws/aws-cdk-go/awscdk.aws_config.ManagedRule, github.com/aws/aws-cdk-go/awscdk.aws_customerprofiles.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_customerprofiles.CfnIntegration, github.com/aws/aws-cdk-go/awscdk.aws_customerprofiles.CfnObjectType, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnDataset, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnJob, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnRecipe, github.com/aws/aws-cdk-go/awscdk.aws_databrew.CfnSchedule, github.com/aws/aws-cdk-go/awscdk.aws_datapipeline.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnAgent, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationEFS, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationFSxWindows, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationNFS, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationObjectStorage, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationS3, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnLocationSMB, github.com/aws/aws-cdk-go/awscdk.aws_datasync.CfnTask, github.com/aws/aws-cdk-go/awscdk.aws_dax.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_dax.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_dax.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_detective.CfnGraph, github.com/aws/aws-cdk-go/awscdk.aws_detective.CfnMemberInvitation, github.com/aws/aws-cdk-go/awscdk.aws_devopsguru.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk.aws_devopsguru.CfnResourceCollection, github.com/aws/aws-cdk-go/awscdk.aws_directoryservice.CfnMicrosoftAD, github.com/aws/aws-cdk-go/awscdk.aws_directoryservice.CfnSimpleAD, github.com/aws/aws-cdk-go/awscdk.aws_dlm.CfnLifecyclePolicy, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnReplicationInstance, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnReplicationSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_dms.CfnReplicationTask, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk.aws_docdb.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_docdb.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_docdb.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.CfnGlobalTable, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.Table, github.com/aws/aws-cdk-go/awscdk.aws_ec2.BastionHostLinux, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnCapacityReservation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnCarrierGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnClientVpnTargetNetworkAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnCustomerGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnDHCPOptions, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEC2Fleet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEIP, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEIPAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEgressOnlyInternetGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnEnclaveCertificateIamRoleAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnFlowLog, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnHost, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnInstance, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnInternetGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnLaunchTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnLocalGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnLocalGatewayRouteTableVPCAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNatGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkAcl, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkAclEntry, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInsightsAnalysis, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInsightsPath, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInterface, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInterfaceAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnNetworkInterfacePermission, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnPlacementGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnPrefixList, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnRouteTable, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSecurityGroupEgress, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSpotFleet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnetCidrBlock, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnSubnetRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorFilter, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorFilterRule, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorSession, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTrafficMirrorTarget, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayConnect, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastDomain, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastDomainAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastGroupMember, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayMulticastGroupSource, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRouteTable, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRouteTableAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnTransitGatewayRouteTablePropagation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPC, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCCidrBlock, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCDHCPOptionsAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpointConnectionNotification, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpointService, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCEndpointServicePermissions, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCGatewayAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPCPeeringConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNConnectionRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNGateway, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVPNGatewayRoutePropagation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVolume, github.com/aws/aws-cdk-go/awscdk.aws_ec2.CfnVolumeAttachment, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ClientVpnAuthorizationRule, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ClientVpnRoute, github.com/aws/aws-cdk-go/awscdk.aws_ec2.FlowLog, github.com/aws/aws-cdk-go/awscdk.aws_ec2.GatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Instance, github.com/aws/aws-cdk-go/awscdk.aws_ec2.InterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.LaunchTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ec2.NetworkAcl, github.com/aws/aws-cdk-go/awscdk.aws_ec2.NetworkAclEntry, github.com/aws/aws-cdk-go/awscdk.aws_ec2.PrivateSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.PublicSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.SecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Subnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Volume, github.com/aws/aws-cdk-go/awscdk.aws_ec2.Vpc, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpcEndpointService, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpnConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.VpnGateway, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnPublicRepository, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnReplicationConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_ecr.CfnRepository, github.com/aws/aws-cdk-go/awscdk.aws_ecr.Repository, github.com/aws/aws-cdk-go/awscdk.aws_ecr.RepositoryBase, github.com/aws/aws-cdk-go/awscdk.aws_ecr_assets.DockerImageAsset, github.com/aws/aws-cdk-go/awscdk.aws_ecs.AsgCapacityProvider, github.com/aws/aws-cdk-go/awscdk.aws_ecs.BaseService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnCapacityProvider, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnClusterCapacityProviderAssociations, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnPrimaryTaskSet, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.CfnTaskSet, github.com/aws/aws-cdk-go/awscdk.aws_ecs.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ContainerDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.Ec2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs.Ec2TaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.FargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.FargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.FirelensLogRouter, github.com/aws/aws-cdk-go/awscdk.aws_ecs.LinuxParameters, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ScalableTaskCount, github.com/aws/aws-cdk-go/awscdk.aws_ecs.TaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ApplicationMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkLoadBalancedEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkLoadBalancedFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkLoadBalancedServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkMultipleTargetGroupsEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkMultipleTargetGroupsFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.NetworkMultipleTargetGroupsServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.QueueProcessingEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.QueueProcessingFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.QueueProcessingServiceBase, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ScheduledEc2Task, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ScheduledFargateTask, github.com/aws/aws-cdk-go/awscdk.aws_ecs_patterns.ScheduledTaskBase, github.com/aws/aws-cdk-go/awscdk.aws_efs.AccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_efs.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_efs.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_efs.CfnMountTarget, github.com/aws/aws-cdk-go/awscdk.aws_efs.FileSystem, github.com/aws/aws-cdk-go/awscdk.aws_eks.AwsAuth, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnAddon, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnFargateProfile, github.com/aws/aws-cdk-go/awscdk.aws_eks.CfnNodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.FargateCluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.FargateProfile, github.com/aws/aws-cdk-go/awscdk.aws_eks.HelmChart, github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesManifest, github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesObjectValue, github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesPatch, github.com/aws/aws-cdk-go/awscdk.aws_eks.Nodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk.aws_eks.ServiceAccount, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.AwsAuth, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnAddon, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnFargateProfile, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.CfnNodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.HelmChart, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.KubernetesResource, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnCacheCluster, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnGlobalReplicationGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnReplicationGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_elasticache.CfnUserGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnApplicationVersion, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnConfigurationTemplate, github.com/aws/aws-cdk-go/awscdk.aws_elasticbeanstalk.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancing.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancing.LoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationListenerCertificate, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationListenerRule, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.BaseListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.BaseLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnListenerCertificate, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnListenerRule, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.CfnTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.NetworkListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.NetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.NetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.TargetGroupBase, github.com/aws/aws-cdk-go/awscdk.aws_elasticsearch.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_elasticsearch.Domain, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnInstanceFleetConfig, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnInstanceGroupConfig, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnStep, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnStudio, github.com/aws/aws-cdk-go/awscdk.aws_emr.CfnStudioSessionMapping, github.com/aws/aws-cdk-go/awscdk.aws_emrcontainers.CfnVirtualCluster, github.com/aws/aws-cdk-go/awscdk.aws_events.Archive, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnApiDestination, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnArchive, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnConnection, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnEventBus, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnEventBusPolicy, github.com/aws/aws-cdk-go/awscdk.aws_events.CfnRule, github.com/aws/aws-cdk-go/awscdk.aws_events.EventBus, github.com/aws/aws-cdk-go/awscdk.aws_events.Rule, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnDiscoverer, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnRegistry, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnRegistryPolicy, github.com/aws/aws-cdk-go/awscdk.aws_eventschemas.CfnSchema, github.com/aws/aws-cdk-go/awscdk.aws_finspace.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_fis.CfnExperimentTemplate, github.com/aws/aws-cdk-go/awscdk.aws_fms.CfnNotificationChannel, github.com/aws/aws-cdk-go/awscdk.aws_fms.CfnPolicy, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnDetector, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnEntityType, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnEventType, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnLabel, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnOutcome, github.com/aws/aws-cdk-go/awscdk.aws_frauddetector.CfnVariable, github.com/aws/aws-cdk-go/awscdk.aws_fsx.CfnFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_fsx.FileSystemBase, github.com/aws/aws-cdk-go/awscdk.aws_fsx.LustreFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnAlias, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnBuild, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnFleet, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnGameServerGroup, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnGameSessionQueue, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnMatchmakingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnMatchmakingRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_gamelift.CfnScript, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.Accelerator, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.CfnAccelerator, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.CfnEndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.CfnListener, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.EndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.Listener, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnClassifier, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnConnection, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnCrawler, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnDataCatalogEncryptionSettings, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnDatabase, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnDevEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnJob, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnMLTransform, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnPartition, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnRegistry, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSchema, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSchemaVersion, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSchemaVersionMetadata, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnSecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnTrigger, github.com/aws/aws-cdk-go/awscdk.aws_glue.CfnWorkflow, github.com/aws/aws-cdk-go/awscdk.aws_glue.Connection, github.com/aws/aws-cdk-go/awscdk.aws_glue.Database, github.com/aws/aws-cdk-go/awscdk.aws_glue.SecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_glue.Table, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnConnectorDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnConnectorDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnCoreDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnCoreDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnDeviceDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnDeviceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnFunctionDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnFunctionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnGroupVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnLoggerDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnLoggerDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnResourceDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnResourceDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnSubscriptionDefinition, github.com/aws/aws-cdk-go/awscdk.aws_greengrass.CfnSubscriptionDefinitionVersion, github.com/aws/aws-cdk-go/awscdk.aws_greengrassv2.CfnComponentVersion, github.com/aws/aws-cdk-go/awscdk.aws_groundstation.CfnConfig, github.com/aws/aws-cdk-go/awscdk.aws_groundstation.CfnDataflowEndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_groundstation.CfnMissionProfile, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnDetector, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnFilter, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnMaster, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnMember, github.com/aws/aws-cdk-go/awscdk.aws_guardduty.CfnThreatIntelSet, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnAccessKey, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnInstanceProfile, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnManagedPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnOIDCProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnSAMLProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnServerCertificate, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnServiceLinkedRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnUserToGroupAddition, github.com/aws/aws-cdk-go/awscdk.aws_iam.CfnVirtualMFADevice, github.com/aws/aws-cdk-go/awscdk.aws_iam.Group, github.com/aws/aws-cdk-go/awscdk.aws_iam.LazyRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.ManagedPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.OpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.Policy, github.com/aws/aws-cdk-go/awscdk.aws_iam.Role, github.com/aws/aws-cdk-go/awscdk.aws_iam.SamlProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.User, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnComponent, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnContainerRecipe, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnDistributionConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnImage, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnImagePipeline, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnImageRecipe, github.com/aws/aws-cdk-go/awscdk.aws_imagebuilder.CfnInfrastructureConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_inspector.CfnAssessmentTarget, github.com/aws/aws-cdk-go/awscdk.aws_inspector.CfnAssessmentTemplate, github.com/aws/aws-cdk-go/awscdk.aws_inspector.CfnResourceGroup, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnAccountAuditConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnCertificate, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnCustomMetric, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnDimension, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnDomainConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnMitigationAction, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnPolicyPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnProvisioningTemplate, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnScheduledAudit, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnSecurityProfile, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnThing, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnThingPrincipalAttachment, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnTopicRule, github.com/aws/aws-cdk-go/awscdk.aws_iot.CfnTopicRuleDestination, github.com/aws/aws-cdk-go/awscdk.aws_iot1click.CfnDevice, github.com/aws/aws-cdk-go/awscdk.aws_iot1click.CfnPlacement, github.com/aws/aws-cdk-go/awscdk.aws_iot1click.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnDataset, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnDatastore, github.com/aws/aws-cdk-go/awscdk.aws_iotanalytics.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_iotevents.CfnDetectorModel, github.com/aws/aws-cdk-go/awscdk.aws_iotevents.CfnInput, github.com/aws/aws-cdk-go/awscdk.aws_iotfleethub.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnAccessPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnAsset, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnAssetModel, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnDashboard, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnGateway, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnPortal, github.com/aws/aws-cdk-go/awscdk.aws_iotsitewise.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_iotthingsgraph.CfnFlowTemplate, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnDestination, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnDeviceProfile, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnPartnerAccount, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnServiceProfile, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnWirelessDevice, github.com/aws/aws-cdk-go/awscdk.aws_iotwireless.CfnWirelessGateway, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnPlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnRecordingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_ivs.CfnStreamKey, github.com/aws/aws-cdk-go/awscdk.aws_ivs.Channel, github.com/aws/aws-cdk-go/awscdk.aws_ivs.PlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk.aws_ivs.StreamKey, github.com/aws/aws-cdk-go/awscdk.aws_kendra.CfnDataSource, github.com/aws/aws-cdk-go/awscdk.aws_kendra.CfnFaq, github.com/aws/aws-cdk-go/awscdk.aws_kendra.CfnIndex, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.CfnStream, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.CfnStreamConsumer, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.Stream, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationCloudWatchLoggingOptionV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationOutput, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationOutputV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationReferenceDataSource, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationReferenceDataSourceV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics.CfnApplicationV2, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics_flink.Application, github.com/aws/aws-cdk-go/awscdk.aws_kinesisfirehose.CfnDeliveryStream, github.com/aws/aws-cdk-go/awscdk.aws_kms.Alias, github.com/aws/aws-cdk-go/awscdk.aws_kms.CfnAlias, github.com/aws/aws-cdk-go/awscdk.aws_kms.CfnKey, github.com/aws/aws-cdk-go/awscdk.aws_kms.Key, github.com/aws/aws-cdk-go/awscdk.aws_lakeformation.CfnDataLakeSettings, github.com/aws/aws-cdk-go/awscdk.aws_lakeformation.CfnPermissions, github.com/aws/aws-cdk-go/awscdk.aws_lakeformation.CfnResource, github.com/aws/aws-cdk-go/awscdk.aws_lambda.Alias, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnAlias, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnCodeSigningConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnEventInvokeConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnEventSourceMapping, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnLayerVersionPermission, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnPermission, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CfnVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.CodeSigningConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.DockerImageFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.EventInvokeConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.EventSourceMapping, github.com/aws/aws-cdk-go/awscdk.aws_lambda.Function, github.com/aws/aws-cdk-go/awscdk.aws_lambda.FunctionBase, github.com/aws/aws-cdk-go/awscdk.aws_lambda.LayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.LogRetention, github.com/aws/aws-cdk-go/awscdk.aws_lambda.QualifiedFunctionBase, github.com/aws/aws-cdk-go/awscdk.aws_lambda.SingletonFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.Version, github.com/aws/aws-cdk-go/awscdk.aws_lambda_go.GoFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda_nodejs.NodejsFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda_python.PythonFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda_python.PythonLayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_licensemanager.CfnGrant, github.com/aws/aws-cdk-go/awscdk.aws_licensemanager.CfnLicense, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnDestination, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnLogGroup, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnLogStream, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnMetricFilter, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnQueryDefinition, github.com/aws/aws-cdk-go/awscdk.aws_logs.CfnSubscriptionFilter, github.com/aws/aws-cdk-go/awscdk.aws_logs.CrossAccountDestination, github.com/aws/aws-cdk-go/awscdk.aws_logs.LogGroup, github.com/aws/aws-cdk-go/awscdk.aws_logs.LogRetention, github.com/aws/aws-cdk-go/awscdk.aws_logs.LogStream, github.com/aws/aws-cdk-go/awscdk.aws_logs.MetricFilter, github.com/aws/aws-cdk-go/awscdk.aws_logs.SubscriptionFilter, github.com/aws/aws-cdk-go/awscdk.aws_lookoutmetrics.CfnAlert, github.com/aws/aws-cdk-go/awscdk.aws_lookoutmetrics.CfnAnomalyDetector, github.com/aws/aws-cdk-go/awscdk.aws_lookoutvision.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_macie.CfnCustomDataIdentifier, github.com/aws/aws-cdk-go/awscdk.aws_macie.CfnFindingsFilter, github.com/aws/aws-cdk-go/awscdk.aws_macie.CfnSession, github.com/aws/aws-cdk-go/awscdk.aws_managedblockchain.CfnMember, github.com/aws/aws-cdk-go/awscdk.aws_managedblockchain.CfnNode, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlow, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowEntitlement, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowOutput, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowSource, github.com/aws/aws-cdk-go/awscdk.aws_mediaconnect.CfnFlowVpcInterface, github.com/aws/aws-cdk-go/awscdk.aws_mediaconvert.CfnJobTemplate, github.com/aws/aws-cdk-go/awscdk.aws_mediaconvert.CfnPreset, github.com/aws/aws-cdk-go/awscdk.aws_mediaconvert.CfnQueue, github.com/aws/aws-cdk-go/awscdk.aws_medialive.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_medialive.CfnInput, github.com/aws/aws-cdk-go/awscdk.aws_medialive.CfnInputSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnAsset, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnChannel, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnOriginEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnPackagingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_mediapackage.CfnPackagingGroup, github.com/aws/aws-cdk-go/awscdk.aws_mediastore.CfnContainer, github.com/aws/aws-cdk-go/awscdk.aws_msk.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_msk.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_mwaa.CfnEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.DatabaseClusterBase, github.com/aws/aws-cdk-go/awscdk.aws_neptune.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_neptune.ParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.SubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnFirewall, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnFirewallPolicy, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnLoggingConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_networkfirewall.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnCustomerGatewayAssociation, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnDevice, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnGlobalNetwork, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnLink, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnLinkAssociation, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnSite, github.com/aws/aws-cdk-go/awscdk.aws_networkmanager.CfnTransitGatewayRegistration, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnLaunchProfile, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnStreamingImage, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnStudio, github.com/aws/aws-cdk-go/awscdk.aws_nimblestudio.CfnStudioComponent, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnElasticLoadBalancerAttachment, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnInstance, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnLayer, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnStack, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk.aws_opsworks.CfnVolume, github.com/aws/aws-cdk-go/awscdk.aws_opsworkscm.CfnServer, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnADMChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSSandboxChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSVoipChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnAPNSVoipSandboxChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnApplicationSettings, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnBaiduChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnCampaign, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnEmailChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnEmailTemplate, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnEventStream, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnGCMChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnPushTemplate, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnSMSChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnSegment, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnSmsTemplate, github.com/aws/aws-cdk-go/awscdk.aws_pinpoint.CfnVoiceChannel, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnDedicatedIpPool, github.com/aws/aws-cdk-go/awscdk.aws_pinpointemail.CfnIdentity, github.com/aws/aws-cdk-go/awscdk.aws_qldb.CfnLedger, github.com/aws/aws-cdk-go/awscdk.aws_qldb.CfnStream, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnAnalysis, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnDashboard, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnDataSet, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnDataSource, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnTemplate, github.com/aws/aws-cdk-go/awscdk.aws_quicksight.CfnTheme, github.com/aws/aws-cdk-go/awscdk.aws_ram.CfnResourceShare, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBInstance, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBProxy, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBProxyEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBProxyTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnDBSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnEventSubscription, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnGlobalCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.CfnOptionGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseClusterBase, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseClusterFromSnapshot, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstanceBase, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstanceFromSnapshot, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseInstanceReadReplica, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseProxy, github.com/aws/aws-cdk-go/awscdk.aws_rds.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk.aws_rds.OptionGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.ParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.ServerlessCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.SubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnCluster, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterSecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterSecurityGroupIngress, github.com/aws/aws-cdk-go/awscdk.aws_redshift.CfnClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.Cluster, github.com/aws/aws-cdk-go/awscdk.aws_redshift.ClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.ClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.DatabaseSecret, github.com/aws/aws-cdk-go/awscdk.aws_resourcegroups.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnFleet, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnRobot, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnRobotApplication, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnRobotApplicationVersion, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnSimulationApplication, github.com/aws/aws-cdk-go/awscdk.aws_robomaker.CfnSimulationApplicationVersion, github.com/aws/aws-cdk-go/awscdk.aws_route53.ARecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.AaaaRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CaaAmazonRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CaaRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnDNSSEC, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnHealthCheck, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnKeySigningKey, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnRecordSet, github.com/aws/aws-cdk-go/awscdk.aws_route53.CfnRecordSetGroup, github.com/aws/aws-cdk-go/awscdk.aws_route53.CnameRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.CrossAccountZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.HostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.MxRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.NsRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.PrivateHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.PublicHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.RecordSet, github.com/aws/aws-cdk-go/awscdk.aws_route53.SrvRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.TxtRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53.VpcEndpointServiceDomainName, github.com/aws/aws-cdk-go/awscdk.aws_route53.ZoneDelegationRecord, github.com/aws/aws-cdk-go/awscdk.aws_route53_patterns.HttpsRedirect, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnFirewallDomainList, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnFirewallRuleGroup, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnFirewallRuleGroupAssociation, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverDNSSECConfig, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverQueryLoggingConfig, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverQueryLoggingConfigAssociation, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverRule, github.com/aws/aws-cdk-go/awscdk.aws_route53resolver.CfnResolverRuleAssociation, github.com/aws/aws-cdk-go/awscdk.aws_s3.Bucket, github.com/aws/aws-cdk-go/awscdk.aws_s3.BucketPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnBucket, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3.CfnStorageLens, github.com/aws/aws-cdk-go/awscdk.aws_s3_assets.Asset, github.com/aws/aws-cdk-go/awscdk.aws_s3_deployment.BucketDeployment, github.com/aws/aws-cdk-go/awscdk.aws_s3objectlambda.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_s3objectlambda.CfnAccessPointPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnBucket, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnBucketPolicy, github.com/aws/aws-cdk-go/awscdk.aws_s3outposts.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnApp, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnAppImageConfig, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnCodeRepository, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDataQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDevice, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDeviceFleet, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnEndpointConfig, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnFeatureGroup, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnImage, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnImageVersion, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModel, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelBiasJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelExplainabilityJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelPackageGroup, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnModelQualityJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnMonitoringSchedule, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnNotebookInstance, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnNotebookInstanceLifecycleConfig, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnPipeline, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnProject, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnUserProfile, github.com/aws/aws-cdk-go/awscdk.aws_sagemaker.CfnWorkteam, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnApi, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnFunction, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnLayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnSimpleTable, github.com/aws/aws-cdk-go/awscdk.aws_sam.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk.aws_sdb.CfnDomain, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnResourcePolicy, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnRotationSchedule, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnSecret, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.CfnSecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.ResourcePolicy, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.RotationSchedule, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.Secret, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.SecretRotation, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.SecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk.aws_securityhub.CfnHub, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnAcceptedPortfolioShare, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnCloudFormationProduct, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnCloudFormationProvisionedProduct, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnLaunchNotificationConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnLaunchRoleConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnLaunchTemplateConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolio, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolioPrincipalAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolioProductAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnPortfolioShare, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnResourceUpdateConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnServiceAction, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnServiceActionAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnStackSetConstraint, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnTagOption, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalog.CfnTagOptionAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnApplication, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnAttributeGroup, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnAttributeGroupAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicecatalogappregistry.CfnResourceAssociation, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.AliasTargetInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnHttpNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CfnService, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.CnameInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.HttpNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.InstanceBase, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IpInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.NonIpInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.PrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.PublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.Service, github.com/aws/aws-cdk-go/awscdk.aws_ses.AllowListReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnConfigurationSet, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnConfigurationSetEventDestination, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnContactList, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_ses.CfnTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ses.DropSpamReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.ReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_ses.ReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.ReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_ses.WhiteListReceiptFilter, github.com/aws/aws-cdk-go/awscdk.aws_signer.CfnProfilePermission, github.com/aws/aws-cdk-go/awscdk.aws_signer.CfnSigningProfile, github.com/aws/aws-cdk-go/awscdk.aws_signer.SigningProfile, github.com/aws/aws-cdk-go/awscdk.aws_sns.CfnSubscription, github.com/aws/aws-cdk-go/awscdk.aws_sns.CfnTopic, github.com/aws/aws-cdk-go/awscdk.aws_sns.CfnTopicPolicy, github.com/aws/aws-cdk-go/awscdk.aws_sns.Subscription, github.com/aws/aws-cdk-go/awscdk.aws_sns.Topic, github.com/aws/aws-cdk-go/awscdk.aws_sns.TopicBase, github.com/aws/aws-cdk-go/awscdk.aws_sns.TopicPolicy, github.com/aws/aws-cdk-go/awscdk.aws_sqs.CfnQueue, github.com/aws/aws-cdk-go/awscdk.aws_sqs.CfnQueuePolicy, github.com/aws/aws-cdk-go/awscdk.aws_sqs.Queue, github.com/aws/aws-cdk-go/awscdk.aws_sqs.QueueBase, github.com/aws/aws-cdk-go/awscdk.aws_sqs.QueuePolicy, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnDocument, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnMaintenanceWindow, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnMaintenanceWindowTarget, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnMaintenanceWindowTask, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnPatchBaseline, github.com/aws/aws-cdk-go/awscdk.aws_ssm.CfnResourceDataSync, github.com/aws/aws-cdk-go/awscdk.aws_ssm.StringListParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.StringParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssmcontacts.CfnContact, github.com/aws/aws-cdk-go/awscdk.aws_ssmcontacts.CfnContactChannel, github.com/aws/aws-cdk-go/awscdk.aws_ssmincidents.CfnReplicationSet, github.com/aws/aws-cdk-go/awscdk.aws_ssmincidents.CfnResponsePlan, github.com/aws/aws-cdk-go/awscdk.aws_sso.CfnAssignment, github.com/aws/aws-cdk-go/awscdk.aws_sso.CfnInstanceAccessControlAttributeConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_sso.CfnPermissionSet, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Activity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.CfnActivity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.CfnStateMachine, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Choice, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.CustomState, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Fail, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Map, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Parallel, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Pass, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.State, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.StateMachine, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.StateMachineFragment, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Succeed, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Task, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.TaskStateBase, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.Wait, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaGetQueryExecution, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaGetQueryResults, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaStartQueryExecution, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.AthenaStopQueryExecution, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.BatchSubmitJob, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.CallApiGatewayHttpApiEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.CallApiGatewayRestApiEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.CodeBuildStartBuild, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoDeleteItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoGetItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoPutItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.DynamoUpdateItem, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EcsRunTask, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EksCall, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrAddStep, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrCancelStep, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrCreateCluster, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrModifyInstanceFleetByName, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrModifyInstanceGroupByName, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrSetClusterTerminationProtection, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EmrTerminateCluster, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.EvaluateExpression, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.GlueDataBrewStartJobRun, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.GlueStartJobRun, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.LambdaInvoke, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateEndpointConfig, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateModel, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateTrainingJob, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerCreateTransformJob, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SageMakerUpdateEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SnsPublish, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.SqsSendMessage, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.StepFunctionsInvokeActivity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions_tasks.StepFunctionsStartExecution, github.com/aws/aws-cdk-go/awscdk.aws_synthetics.Canary, github.com/aws/aws-cdk-go/awscdk.aws_synthetics.CfnCanary, github.com/aws/aws-cdk-go/awscdk.aws_timestream.CfnDatabase, github.com/aws/aws-cdk-go/awscdk.aws_timestream.CfnTable, github.com/aws/aws-cdk-go/awscdk.aws_transfer.CfnServer, github.com/aws/aws-cdk-go/awscdk.aws_transfer.CfnUser, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnRule, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnWebACL, github.com/aws/aws-cdk-go/awscdk.aws_waf.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnByteMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnGeoMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnRateBasedRule, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnRule, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnSizeConstraintSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnSqlInjectionMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnWebACL, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk.aws_wafregional.CfnXssMatchSet, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnIPSet, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnRegexPatternSet, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnRuleGroup, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnWebACL, github.com/aws/aws-cdk-go/awscdk.aws_wafv2.CfnWebACLAssociation, github.com/aws/aws-cdk-go/awscdk.aws_workspaces.CfnConnectionAlias, github.com/aws/aws-cdk-go/awscdk.aws_workspaces.CfnWorkspace, github.com/aws/aws-cdk-go/awscdk.aws_xray.CfnGroup, github.com/aws/aws-cdk-go/awscdk.aws_xray.CfnSamplingRule, github.com/aws/aws-cdk-go/awscdk.cloudformation_include.CfnInclude, github.com/aws/aws-cdk-go/awscdk.custom_resources.AwsCustomResource, github.com/aws/aws-cdk-go/awscdk.custom_resources.Provider, github.com/aws/aws-cdk-go/awscdk.lambda_layer_awscli.AwsCliLayer, github.com/aws/aws-cdk-go/awscdk.lambda_layer_kubectl.KubectlLayer, github.com/aws/aws-cdk-go/awscdk.pipelines.CdkPipeline, github.com/aws/aws-cdk-go/awscdk.pipelines.CdkStage, github.com/aws/aws-cdk-go/awscdk.pipelines.PublishAssetsAction, github.com/aws/aws-cdk-go/awscdk.pipelines.UpdatePipelineAction, github.com/aws/aws-cdk-go/awscdk.App, github.com/aws/aws-cdk-go/awscdk.AssetStaging, github.com/aws/aws-cdk-go/awscdk.CfnCodeDeployBlueGreenHook, github.com/aws/aws-cdk-go/awscdk.CfnCondition, github.com/aws/aws-cdk-go/awscdk.CfnCustomResource, github.com/aws/aws-cdk-go/awscdk.CfnElement, github.com/aws/aws-cdk-go/awscdk.CfnHook, github.com/aws/aws-cdk-go/awscdk.CfnInclude, github.com/aws/aws-cdk-go/awscdk.CfnJson, github.com/aws/aws-cdk-go/awscdk.CfnMacro, github.com/aws/aws-cdk-go/awscdk.CfnMapping, github.com/aws/aws-cdk-go/awscdk.CfnModuleDefaultVersion, github.com/aws/aws-cdk-go/awscdk.CfnModuleVersion, github.com/aws/aws-cdk-go/awscdk.CfnOutput, github.com/aws/aws-cdk-go/awscdk.CfnParameter, github.com/aws/aws-cdk-go/awscdk.CfnRefElement, github.com/aws/aws-cdk-go/awscdk.CfnResource, github.com/aws/aws-cdk-go/awscdk.CfnResourceDefaultVersion, github.com/aws/aws-cdk-go/awscdk.CfnResourceVersion, github.com/aws/aws-cdk-go/awscdk.CfnRule, github.com/aws/aws-cdk-go/awscdk.CfnStack, github.com/aws/aws-cdk-go/awscdk.CfnStackSet, github.com/aws/aws-cdk-go/awscdk.CfnWaitCondition, github.com/aws/aws-cdk-go/awscdk.CfnWaitConditionHandle, github.com/aws/aws-cdk-go/awscdk.Construct, github.com/aws/aws-cdk-go/awscdk.CustomResource, github.com/aws/aws-cdk-go/awscdk.CustomResourceProvider, github.com/aws/aws-cdk-go/awscdk.NestedStack, github.com/aws/aws-cdk-go/awscdk.Resource, github.com/aws/aws-cdk-go/awscdk.Stack, github.com/aws/aws-cdk-go/awscdk.Stage, github.com/aws/aws-cdk-go/awscdkawsecr.IRepository, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.IEventBus, github.com/aws/aws-cdk-go/awscdkawsevents/awscdkawsevents.IRule, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IGroup, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IIdentity, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IOpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IResourceWithPolicy, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IRole, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.ISamlProvider, github.com/aws/aws-cdk-go/awscdk/awsiam/awscdkawsiam.IUser, github.com/aws/aws-cdk-go/awscdk/awscdkcore.IConstruct, github.com/aws/aws-cdk-go/awscdk/awscdkcore.IResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_acmpca.ICertificateAuthority, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IApiKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IDomainName, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IGatewayResponse, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IRequestValidator, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IRestApi, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IStage, github.com/aws/aws-cdk-go/awscdk/v2.aws_apigateway.IVpcLink, github.com/aws/aws-cdk-go/awscdk/v2.aws_applicationautoscaling.IScalableTarget, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.IAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.ILifecycleHook, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.IBackupPlan, github.com/aws/aws-cdk-go/awscdk/v2.aws_backup.IBackupVault, github.com/aws/aws-cdk-go/awscdk/v2.aws_certificatemanager.ICertificate, github.com/aws/aws-cdk-go/awscdk/v2.aws_chatbot.ISlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IDistribution, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IKeyGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudfront.IPublicKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_cloudwatch.IAlarm, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.IProject, github.com/aws/aws-cdk-go/awscdk/v2.aws_codebuild.IReportGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codecommit.IRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IEcsApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IEcsDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ILambdaApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.ILambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IServerApplication, github.com/aws/aws-cdk-go/awscdk/v2.aws_codedeploy.IServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codeguruprofiler.IProfilingGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline.IPipeline, github.com/aws/aws-cdk-go/awscdk/v2.aws_codepipeline_actions.IJenkinsProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPool, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolClient, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_cognito.IUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk/v2.aws_config.IRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_docdb.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_dynamodb.ITable, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IFlowLog, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IGatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IInterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ILaunchTemplate, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.INetworkAcl, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.INetworkAclEntry, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IPrivateSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IPublicSubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVolume, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpcEndpoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpcEndpointService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpnConnection, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpnGateway, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecr.IRepository, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IBaseService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ICluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IEc2Service, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IEc2TaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IFargateService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IFargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.IService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ecs.ITaskDefinition, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.IAccessPoint, github.com/aws/aws-cdk-go/awscdk/v2.aws_efs.IFileSystem, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.INodegroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.IApplicationListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.IApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.IApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ILoadBalancerV2, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.INetworkListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.INetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.INetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticloadbalancingv2.ITargetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_elasticsearch.IDomain, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.IEventBus, github.com/aws/aws-cdk-go/awscdk/v2.aws_events.IRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.IAccelerator, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.IEndpointGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_globalaccelerator.IListener, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IIdentity, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IResourceWithPolicy, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.ISamlProvider, github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IUser, github.com/aws/aws-cdk-go/awscdk/v2.aws_kinesis.IStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IAlias, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ICodeSigningConfig, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IEventSourceMapping, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IFunction, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IScalableFunctionAttribute, github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.IVersion, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.ILogGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_logs.ILogStream, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IDatabaseProxy, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IOptionGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IParameterGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.IServerlessCluster, github.com/aws/aws-cdk-go/awscdk/v2.aws_rds.ISubnetGroup, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IPrivateHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IPublicHostedZone, github.com/aws/aws-cdk-go/awscdk/v2.aws_route53.IRecordSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_s3.IBucket, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.ISecret, github.com/aws/aws-cdk-go/awscdk/v2.aws_secretsmanager.ISecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IHttpNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IInstance, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.INamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk/v2.aws_servicediscovery.IService, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.IReceiptRule, github.com/aws/aws-cdk-go/awscdk/v2.aws_ses.IReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk/v2.aws_signer.ISigningProfile, github.com/aws/aws-cdk-go/awscdk/v2.aws_sns.ITopic, github.com/aws/aws-cdk-go/awscdk/v2.aws_sqs.IQueue, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.IParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.IStringListParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_ssm.IStringParameter, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.IActivity, github.com/aws/aws-cdk-go/awscdk/v2.aws_stepfunctions.IStateMachine, github.com/aws/aws-cdk-go/awscdk/v2.IResource, IConstruct, IDependable, github.com/aws/aws-cdk-go/awscdk.aws_acmpca.ICertificateAuthority, github.com/aws/aws-cdk-go/awscdk.aws_amplify.IApp, github.com/aws/aws-cdk-go/awscdk.aws_amplify.IBranch, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IApiKey, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IGatewayResponse, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IRequestValidator, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IResource, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IRestApi, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IStage, github.com/aws/aws-cdk-go/awscdk.aws_apigateway.IVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IApiMapping, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IDomainName, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpAuthorizer, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IHttpStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IStage, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IVpcLink, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketApi, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketIntegration, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketRoute, github.com/aws/aws-cdk-go/awscdk.aws_apigatewayv2.IWebSocketStage, github.com/aws/aws-cdk-go/awscdk.aws_applicationautoscaling.IScalableTarget, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IGatewayRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IMesh, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IRoute, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualGateway, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualNode, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualRouter, github.com/aws/aws-cdk-go/awscdk.aws_appmesh.IVirtualService, github.com/aws/aws-cdk-go/awscdk.aws_appsync.IAppsyncFunction, github.com/aws/aws-cdk-go/awscdk.aws_appsync.IGraphqlApi, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.IAutoScalingGroup, github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.ILifecycleHook, github.com/aws/aws-cdk-go/awscdk.aws_backup.IBackupPlan, github.com/aws/aws-cdk-go/awscdk.aws_backup.IBackupVault, github.com/aws/aws-cdk-go/awscdk.aws_batch.IComputeEnvironment, github.com/aws/aws-cdk-go/awscdk.aws_batch.IJobDefinition, github.com/aws/aws-cdk-go/awscdk.aws_batch.IJobQueue, github.com/aws/aws-cdk-go/awscdk.aws_certificatemanager.ICertificate, github.com/aws/aws-cdk-go/awscdk.aws_chatbot.ISlackChannelConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_cloud9.IEc2Environment, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IDistribution, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IKeyGroup, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IOriginAccessIdentity, github.com/aws/aws-cdk-go/awscdk.aws_cloudfront.IPublicKey, github.com/aws/aws-cdk-go/awscdk.aws_cloudwatch.IAlarm, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.IProject, github.com/aws/aws-cdk-go/awscdk.aws_codebuild.IReportGroup, github.com/aws/aws-cdk-go/awscdk.aws_codecommit.IRepository, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IEcsApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IEcsDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ILambdaApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.ILambdaDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IServerApplication, github.com/aws/aws-cdk-go/awscdk.aws_codedeploy.IServerDeploymentGroup, github.com/aws/aws-cdk-go/awscdk.aws_codeguruprofiler.IProfilingGroup, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline.IPipeline, github.com/aws/aws-cdk-go/awscdk.aws_codepipeline_actions.IJenkinsProvider, github.com/aws/aws-cdk-go/awscdk.aws_codestar.IGitHubRepository, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPool, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolClient, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolDomain, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolIdentityProvider, github.com/aws/aws-cdk-go/awscdk.aws_cognito.IUserPoolResourceServer, github.com/aws/aws-cdk-go/awscdk.aws_config.IRule, github.com/aws/aws-cdk-go/awscdk.aws_docdb.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_docdb.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_docdb.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_dynamodb.ITable, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IClientVpnEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IFlowLog, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IGatewayVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IInstance, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IInterfaceVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ILaunchTemplate, github.com/aws/aws-cdk-go/awscdk.aws_ec2.INetworkAcl, github.com/aws/aws-cdk-go/awscdk.aws_ec2.INetworkAclEntry, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IPrivateSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IPublicSubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet, github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnetNetworkAclAssociation, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVolume, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpcEndpoint, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpcEndpointService, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpnConnection, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpnGateway, github.com/aws/aws-cdk-go/awscdk.aws_ecr.IRepository, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IBaseService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IEc2Service, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IEc2TaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IFargateService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IFargateTaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_ecs.IService, github.com/aws/aws-cdk-go/awscdk.aws_ecs.ITaskDefinition, github.com/aws/aws-cdk-go/awscdk.aws_efs.IAccessPoint, github.com/aws/aws-cdk-go/awscdk.aws_efs.IFileSystem, github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_eks.INodegroup, github.com/aws/aws-cdk-go/awscdk.aws_eks_legacy.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.IApplicationListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.IApplicationLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.IApplicationTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ILoadBalancerV2, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.INetworkListener, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.INetworkLoadBalancer, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.INetworkTargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticloadbalancingv2.ITargetGroup, github.com/aws/aws-cdk-go/awscdk.aws_elasticsearch.IDomain, github.com/aws/aws-cdk-go/awscdk.aws_events.IEventBus, github.com/aws/aws-cdk-go/awscdk.aws_events.IRule, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.IAccelerator, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.IEndpointGroup, github.com/aws/aws-cdk-go/awscdk.aws_globalaccelerator.IListener, github.com/aws/aws-cdk-go/awscdk.aws_glue.IConnection, github.com/aws/aws-cdk-go/awscdk.aws_glue.IDatabase, github.com/aws/aws-cdk-go/awscdk.aws_glue.ISecurityConfiguration, github.com/aws/aws-cdk-go/awscdk.aws_glue.ITable, github.com/aws/aws-cdk-go/awscdk.aws_iam.IGroup, github.com/aws/aws-cdk-go/awscdk.aws_iam.IIdentity, github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.IPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.IResourceWithPolicy, github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, github.com/aws/aws-cdk-go/awscdk.aws_iam.ISamlProvider, github.com/aws/aws-cdk-go/awscdk.aws_iam.IUser, github.com/aws/aws-cdk-go/awscdk.aws_ivs.IChannel, github.com/aws/aws-cdk-go/awscdk.aws_ivs.IPlaybackKeyPair, github.com/aws/aws-cdk-go/awscdk.aws_ivs.IStreamKey, github.com/aws/aws-cdk-go/awscdk.aws_kinesis.IStream, github.com/aws/aws-cdk-go/awscdk.aws_kinesisanalytics_flink.IApplication, github.com/aws/aws-cdk-go/awscdk.aws_kms.IAlias, github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IAlias, github.com/aws/aws-cdk-go/awscdk.aws_lambda.ICodeSigningConfig, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IEventSourceMapping, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IFunction, github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IScalableFunctionAttribute, github.com/aws/aws-cdk-go/awscdk.aws_lambda.IVersion, github.com/aws/aws-cdk-go/awscdk.aws_logs.ILogGroup, github.com/aws/aws-cdk-go/awscdk.aws_logs.ILogStream, github.com/aws/aws-cdk-go/awscdk.aws_msk.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_neptune.IParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_neptune.ISubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.IDatabaseCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.IDatabaseInstance, github.com/aws/aws-cdk-go/awscdk.aws_rds.IDatabaseProxy, github.com/aws/aws-cdk-go/awscdk.aws_rds.IOptionGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.IParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_rds.IServerlessCluster, github.com/aws/aws-cdk-go/awscdk.aws_rds.ISubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.ICluster, github.com/aws/aws-cdk-go/awscdk.aws_redshift.IClusterParameterGroup, github.com/aws/aws-cdk-go/awscdk.aws_redshift.IClusterSubnetGroup, github.com/aws/aws-cdk-go/awscdk.aws_route53.IHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.IPrivateHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.IPublicHostedZone, github.com/aws/aws-cdk-go/awscdk.aws_route53.IRecordSet, github.com/aws/aws-cdk-go/awscdk.aws_s3.IBucket, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.ISecret, github.com/aws/aws-cdk-go/awscdk.aws_secretsmanager.ISecretTargetAttachment, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IHttpNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IInstance, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.INamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IPrivateDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IPublicDnsNamespace, github.com/aws/aws-cdk-go/awscdk.aws_servicediscovery.IService, github.com/aws/aws-cdk-go/awscdk.aws_ses.IReceiptRule, github.com/aws/aws-cdk-go/awscdk.aws_ses.IReceiptRuleSet, github.com/aws/aws-cdk-go/awscdk.aws_signer.ISigningProfile, github.com/aws/aws-cdk-go/awscdk.aws_sns.ITopic, github.com/aws/aws-cdk-go/awscdk.aws_sqs.IQueue, github.com/aws/aws-cdk-go/awscdk.aws_ssm.IParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.IStringListParameter, github.com/aws/aws-cdk-go/awscdk.aws_ssm.IStringParameter, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.IActivity, github.com/aws/aws-cdk-go/awscdk.aws_stepfunctions.IStateMachine, github.com/aws/aws-cdk-go/awscdk.IConstruct, github.com/aws/aws-cdk-go/awscdk.IResource Trait marker for classes that can be depended upon. The presence of this interface indicates that an object has an \`IDependableTrait\` implementation. This interface can be used to take an (ordering) dependency on a set of constructs. An ordering dependency implies that the resources represented by those constructs are deployed before the resources depending ON them are deployed. ### IValidation - *Implemented By:* IValidation Implement this interface in order for the construct to be able to validate itself. Implement this interface in order for the construct to be able to validate itself. #### Methods | **Name** | **Description** | | --- | --- | | Validate | Validate the current construct. | --- ##### \`Validate\` \`\`\`go func Validate() *[]*string \`\`\` Validate the current construct. This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis. Validate the current construct. This method can be implemented by derived constructs in order to perform validation logic. It is called on all constructs before synthesis. ## Enums ### ConstructOrder In what order to return constructs. #### Members | **Name** | **Description** | | --- | --- | | ConstructOrder_PREORDER | Depth-first, pre-order. | | ConstructOrder_POSTORDER | Depth-first, post-order (leaf nodes first). | --- ##### \`ConstructOrder_PREORDER\` Depth-first, pre-order. --- ##### \`ConstructOrder_POSTORDER\` Depth-first, post-order (leaf nodes first). --- " `; exports[`go snapshot - submodules 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewAwsAuth(scope Construct, id *string, props AwsAuthProps) AwsAuth \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | AwsAuthProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* AwsAuthProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddAccount | Additional AWS account to add to the aws-auth configmap. | | AddMastersRole | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | AddRoleMapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | AddUserMapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`AddAccount\` \`\`\`go func AddAccount(accountId *string) \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`accountId\`Required - *Type:* *string account number. --- ##### \`AddMastersRole\` \`\`\`go func AddMastersRole(role IRole, username *string) \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`role\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole The IAM role to add. --- ###### \`username\`Optional - *Type:* *string Optional user (defaults to the role ARN). --- ##### \`AddRoleMapping\` \`\`\`go func AddRoleMapping(role IRole, mapping AwsAuthMapping) \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`role\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole The IAM role to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- ##### \`AddUserMapping\` \`\`\`go func AddUserMapping(user IUser, mapping AwsAuthMapping) \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`user\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IUser The IAM user to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.AwsAuth_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ### CfnAddon - *Implements:* github.com/aws/aws-cdk-go/awscdk/v2.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewCfnAddon(scope Construct, id *string, props CfnAddonProps) CfnAddon \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnAddonProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnAddonProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnAddon_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnAddon_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnAddon_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | Tags | github.com/aws/aws-cdk-go/awscdk/v2.TagManager | \`AWS::EKS::Addon.Tags\`. | | AddonName | *string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | *string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | *string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | *string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | *string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`AddonName\`Required \`\`\`go func AddonName() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`go func AddonVersion() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`go func ResolveConflicts() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`go func ServiceAccountRoleArn() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* github.com/aws/aws-cdk-go/awscdk/v2.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewCfnCluster(scope Construct, id *string, props CfnClusterProps) CfnCluster \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnClusterProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnClusterProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnCluster_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnCluster_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnCluster_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | AttrCertificateAuthorityData | *string | *No description.* | | AttrClusterSecurityGroupId | *string | *No description.* | | AttrEncryptionConfigKeyArn | *string | *No description.* | | AttrEndpoint | *string | *No description.* | | AttrOpenIdConnectIssuerUrl | *string | *No description.* | | ResourcesVpcConfig | interface{} | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | *string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | interface{} | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | interface{} | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | *string | \`AWS::EKS::Cluster.Name\`. | | Version | *string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`AttrCertificateAuthorityData\`Required \`\`\`go func AttrCertificateAuthorityData() *string \`\`\` - *Type:* *string --- ##### \`AttrClusterSecurityGroupId\`Required \`\`\`go func AttrClusterSecurityGroupId() *string \`\`\` - *Type:* *string --- ##### \`AttrEncryptionConfigKeyArn\`Required \`\`\`go func AttrEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string --- ##### \`AttrEndpoint\`Required \`\`\`go func AttrEndpoint() *string \`\`\` - *Type:* *string --- ##### \`AttrOpenIdConnectIssuerUrl\`Required \`\`\`go func AttrOpenIdConnectIssuerUrl() *string \`\`\` - *Type:* *string --- ##### \`ResourcesVpcConfig\`Required \`\`\`go func ResourcesVpcConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`go func RoleArn() *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`go func EncryptionConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`go func KubernetesNetworkConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`go func Name() *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`go func Version() *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* github.com/aws/aws-cdk-go/awscdk/v2.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewCfnFargateProfile(scope Construct, id *string, props CfnFargateProfileProps) CfnFargateProfile \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnFargateProfileProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnFargateProfileProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnFargateProfile_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnFargateProfile_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnFargateProfile_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | Tags | github.com/aws/aws-cdk-go/awscdk/v2.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | ClusterName | *string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | *string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | interface{} | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | *string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | *[]*string | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`go func PodExecutionRoleArn() *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`go func Selectors() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`go func FargateProfileName() *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`go func Subnets() *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* github.com/aws/aws-cdk-go/awscdk/v2.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewCfnNodegroup(scope Construct, id *string, props CfnNodegroupProps) CfnNodegroup \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnNodegroupProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnNodegroupProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnNodegroup_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnNodegroup_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.CfnNodegroup_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | AttrClusterName | *string | *No description.* | | AttrNodegroupName | *string | *No description.* | | Tags | github.com/aws/aws-cdk-go/awscdk/v2.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | ClusterName | *string | \`AWS::EKS::Nodegroup.ClusterName\`. | | Labels | interface{} | \`AWS::EKS::Nodegroup.Labels\`. | | NodeRole | *string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | *[]*string | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | *string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | *string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | *f64 | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | interface{} | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | *[]*string | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | LaunchTemplate | interface{} | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | *string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | *string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | interface{} | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | interface{} | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Taints | interface{} | \`AWS::EKS::Nodegroup.Taints\`. | | Version | *string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`AttrClusterName\`Required \`\`\`go func AttrClusterName() *string \`\`\` - *Type:* *string --- ##### \`AttrNodegroupName\`Required \`\`\`go func AttrNodegroupName() *string \`\`\` - *Type:* *string --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`Labels\`Required \`\`\`go func Labels() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`NodeRole\`Required \`\`\`go func NodeRole() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`go func Subnets() *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`go func AmiType() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`go func CapacityType() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`go func DiskSize() *f64 \`\`\` - *Type:* *f64 \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`go func ForceUpdateEnabled() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`go func InstanceTypes() *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`LaunchTemplate\`Optional \`\`\`go func LaunchTemplate() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`go func NodegroupName() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`go func ReleaseVersion() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`go func RemoteAccess() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`go func ScalingConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Taints\`Optional \`\`\`go func Taints() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`go func Version() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewCluster(scope Construct, id *string, props ClusterProps) Cluster \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | a Construct, most likely a cdk.Stack created. | | id | *string | the id of the Construct to create. | | props | ClusterProps | properties in the IClusterProps interface. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct a Construct, most likely a cdk.Stack created. --- ##### \`id\`Required - *Type:* *string the id of the Construct to create. --- ##### \`props\`Required - *Type:* ClusterProps properties in the IClusterProps interface. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`go func AddAutoScalingGroupCapacity(id *string, options AutoScalingGroupCapacityOptions) AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`go func AddCdk8sChart(id *string, chart Construct) KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`chart\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`go func AddFargateProfile(id *string, options FargateProfileOptions) FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* *string the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`go func AddHelmChart(id *string, options HelmChartOptions) HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`go func AddManifest(id *string, manifest *map[string]interface{}) KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* *string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* *map[string]interface{} a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`go func AddNodegroupCapacity(id *string, options NodegroupOptions) Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* *string The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`go func AddServiceAccount(id *string, options ServiceAccountOptions) ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`go func ConnectAutoScalingGroupCapacity(autoScalingGroup AutoScalingGroup, options AutoScalingGroupOptions) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`go func GetServiceLoadBalancerAddress(serviceName *string, options ServiceLoadBalancerAddressOptions) *string \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* *string The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.Cluster_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.Cluster_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.Cluster_FromClusterAttributes(scope Construct, id *string, attrs ClusterAttributes) ICluster \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* *string the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | Env | github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this resource is defined. | | AdminRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | *string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The endpoint URL for the Cluster. | | ClusterName | *string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | *string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | *bool | Determines if Kubernetes resources can be pruned automatically. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | *map[string]*string | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk/v2.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`go func AdminRole() Role \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`go func AwsAuth() AwsAuth \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`go func ClusterArn() *string \`\`\` - *Type:* *string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666cluster / prod \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`go func ClusterCertificateAuthorityData() *string \`\`\` - *Type:* *string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`go func ClusterEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`go func ClusterEndpoint() *string \`\`\` - *Type:* *string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`go func ClusterOpenIdConnectIssuer() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`go func ClusterOpenIdConnectIssuerUrl() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`go func ClusterSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`go func ClusterSecurityGroupId() *string \`\`\` - *Type:* *string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`go func Connections() Connections \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`go func OpenIdConnectProvider() IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`go func Prune() *bool \`\`\` - *Type:* *bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`go func Vpc() IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`go func DefaultCapacity() AutoScalingGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`go func DefaultNodegroup() Nodegroup \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`go func KubectlEnvironment() *map[string]*string \`\`\` - *Type:* *map[string]*string Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go func KubectlLayer() ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`go func KubectlMemory() Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`go func KubectlPrivateSubnets() *[]ISubnet \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`go func KubectlRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`go func KubectlSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewFargateCluster(scope Construct, id *string, props FargateClusterProps) FargateCluster \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | FargateClusterProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* FargateClusterProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`go func AddAutoScalingGroupCapacity(id *string, options AutoScalingGroupCapacityOptions) AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`go func AddCdk8sChart(id *string, chart Construct) KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`chart\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`go func AddFargateProfile(id *string, options FargateProfileOptions) FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* *string the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`go func AddHelmChart(id *string, options HelmChartOptions) HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`go func AddManifest(id *string, manifest *map[string]interface{}) KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* *string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* *map[string]interface{} a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`go func AddNodegroupCapacity(id *string, options NodegroupOptions) Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* *string The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`go func AddServiceAccount(id *string, options ServiceAccountOptions) ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`go func ConnectAutoScalingGroupCapacity(autoScalingGroup AutoScalingGroup, options AutoScalingGroupOptions) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`go func GetServiceLoadBalancerAddress(serviceName *string, options ServiceLoadBalancerAddressOptions) *string \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* *string The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.FargateCluster_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.FargateCluster_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.FargateCluster_FromClusterAttributes(scope Construct, id *string, attrs ClusterAttributes) ICluster \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* *string the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | Env | github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this resource is defined. | | AdminRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | *string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The endpoint URL for the Cluster. | | ClusterName | *string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | *string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | *bool | Determines if Kubernetes resources can be pruned automatically. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | *map[string]*string | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk/v2.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`go func AdminRole() Role \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`go func AwsAuth() AwsAuth \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`go func ClusterArn() *string \`\`\` - *Type:* *string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666cluster / prod \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`go func ClusterCertificateAuthorityData() *string \`\`\` - *Type:* *string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`go func ClusterEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`go func ClusterEndpoint() *string \`\`\` - *Type:* *string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`go func ClusterOpenIdConnectIssuer() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`go func ClusterOpenIdConnectIssuerUrl() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`go func ClusterSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`go func ClusterSecurityGroupId() *string \`\`\` - *Type:* *string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`go func Connections() Connections \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`go func OpenIdConnectProvider() IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`go func Prune() *bool \`\`\` - *Type:* *bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`go func Vpc() IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`go func DefaultCapacity() AutoScalingGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`go func DefaultNodegroup() Nodegroup \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`go func KubectlEnvironment() *map[string]*string \`\`\` - *Type:* *map[string]*string Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go func KubectlLayer() ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`go func KubectlMemory() Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`go func KubectlPrivateSubnets() *[]ISubnet \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`go func KubectlRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`go func KubectlSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* github.com/aws/aws-cdk-go/awscdk/v2.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewFargateProfile(scope Construct, id *string, props FargateProfileProps) FargateProfile \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | FargateProfileProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* FargateProfileProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.FargateProfile_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | FargateProfileArn | *string | The full Amazon Resource Name (ARN) of the Fargate profile. | | FargateProfileName | *string | The name of the Fargate profile. | | PodExecutionRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | Tags | github.com/aws/aws-cdk-go/awscdk/v2.TagManager | Resource tags. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`FargateProfileArn\`Required \`\`\`go func FargateProfileArn() *string \`\`\` - *Type:* *string The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`FargateProfileName\`Required \`\`\`go func FargateProfileName() *string \`\`\` - *Type:* *string The name of the Fargate profile. --- ##### \`PodExecutionRole\`Required \`\`\`go func PodExecutionRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewHelmChart(scope Construct, id *string, props HelmChartProps) HelmChart \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | HelmChartProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* HelmChartProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.HelmChart_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | *string | The CloudFormation resource type. | --- ##### \`ResourceType\`Required \`\`\`go func ResourceType() *string \`\`\` - *Type:* *string The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewKubernetesManifest(scope Construct, id *string, props KubernetesManifestProps) KubernetesManifest \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | KubernetesManifestProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* KubernetesManifestProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.KubernetesManifest_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | *string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`go func ResourceType() *string \`\`\` - *Type:* *string The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewKubernetesObjectValue(scope Construct, id *string, props KubernetesObjectValueProps) KubernetesObjectValue \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | KubernetesObjectValueProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* KubernetesObjectValueProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.KubernetesObjectValue_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | Value | *string | The value as a string token. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`Value\`Required \`\`\`go func Value() *string \`\`\` - *Type:* *string The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | *string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`go func ResourceType() *string \`\`\` - *Type:* *string The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewKubernetesPatch(scope Construct, id *string, props KubernetesPatchProps) KubernetesPatch \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | KubernetesPatchProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* KubernetesPatchProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.KubernetesPatch_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewNodegroup(scope Construct, id *string, props NodegroupProps) Nodegroup \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | NodegroupProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* NodegroupProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromNodegroupName | Import the Nodegroup from attributes. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.Nodegroup_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.Nodegroup_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- ##### \`FromNodegroupName\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.Nodegroup_FromNodegroupName(scope Construct, id *string, nodegroupName *string) INodegroup \`\`\` Import the Nodegroup from attributes. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ###### \`id\`Required - *Type:* *string --- ###### \`nodegroupName\`Required - *Type:* *string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | Env | github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this resource is defined. | | Cluster | ICluster | the Amazon EKS cluster resource. | | NodegroupArn | *string | ARN of the nodegroup. | | NodegroupName | *string | Nodegroup name. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this resource is defined. --- ##### \`Cluster\`Required \`\`\`go func Cluster() ICluster \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`NodegroupArn\`Required \`\`\`go func NodegroupArn() *string \`\`\` - *Type:* *string ARN of the nodegroup. --- ##### \`NodegroupName\`Required \`\`\`go func NodegroupName() *string \`\`\` - *Type:* *string Nodegroup name. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewOpenIdConnectProvider(scope Construct, id *string, props OpenIdConnectProviderProps) OpenIdConnectProvider \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | The definition scope. | | id | *string | Construct ID. | | props | OpenIdConnectProviderProps | Initialization properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct The definition scope. --- ##### \`id\`Required - *Type:* *string Construct ID. --- ##### \`props\`Required - *Type:* OpenIdConnectProviderProps Initialization properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | | IsResource | Check whether the given construct is a Resource. | | FromOpenIdConnectProviderArn | Imports an Open ID connect provider from an ARN. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.OpenIdConnectProvider_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.OpenIdConnectProvider_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- ##### \`FromOpenIdConnectProviderArn\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.OpenIdConnectProvider_FromOpenIdConnectProviderArn(scope Construct, id *string, openIdConnectProviderArn *string) IOpenIdConnectProvider \`\`\` Imports an Open ID connect provider from an ARN. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct The definition scope. --- ###### \`id\`Required - *Type:* *string ID of the construct. --- ###### \`openIdConnectProviderArn\`Required - *Type:* *string the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | Env | github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this resource is defined. | | OpenIdConnectProviderArn | *string | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | OpenIdConnectProviderIssuer | *string | The issuer for OIDC Provider. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this resource is defined. --- ##### \`OpenIdConnectProviderArn\`Required \`\`\`go func OpenIdConnectProviderArn() *string \`\`\` - *Type:* *string The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`OpenIdConnectProviderIssuer\`Required \`\`\`go func OpenIdConnectProviderIssuer() *string \`\`\` - *Type:* *string The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IPrincipal Service Account. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewServiceAccount(scope Construct, id *string, props ServiceAccountProps) ServiceAccount \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | ServiceAccountProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* ServiceAccountProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddToPrincipalPolicy | Add to the policy of this principal. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`AddToPrincipalPolicy\` \`\`\`go func AddToPrincipalPolicy(statement PolicyStatement) AddToPrincipalPolicyResult \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`IsConstruct\`~~ \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.ServiceAccount_IsConstruct(x interface{}) *bool \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* interface{} Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | AssumeRoleAction | *string | When this Principal is used in an AssumeRole policy, the action to use. | | GrantPrincipal | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IPrincipal | The principal to grant permissions to. | | PolicyFragment | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | The role which is linked to the service account. | | ServiceAccountName | *string | The name of the service account. | | ServiceAccountNamespace | *string | The namespace where the service account is located in. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`AssumeRoleAction\`Required \`\`\`go func AssumeRoleAction() *string \`\`\` - *Type:* *string When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`GrantPrincipal\`Required \`\`\`go func GrantPrincipal() IPrincipal \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IPrincipal The principal to grant permissions to. --- ##### \`PolicyFragment\`Required \`\`\`go func PolicyFragment() PrincipalPolicyFragment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole The role which is linked to the service account. --- ##### \`ServiceAccountName\`Required \`\`\`go func ServiceAccountName() *string \`\`\` - *Type:* *string The name of the service account. --- ##### \`ServiceAccountNamespace\`Required \`\`\`go func ServiceAccountNamespace() *string \`\`\` - *Type:* *string The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.AutoScalingGroupCapacityOptions { AllowAllOutbound: *bool, AssociatePublicIpAddress: *bool, AutoScalingGroupName: *string, BlockDevices: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.BlockDevice, Cooldown: github.com/aws/aws-cdk-go/awscdk/v2.Duration, DesiredCapacity: *f64, GroupMetrics: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.GroupMetrics, HealthCheck: github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.HealthCheck, IgnoreUnmodifiedSizeProperties: *bool, InstanceMonitoring: github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.Monitoring, KeyName: *string, MaxCapacity: *f64, MaxInstanceLifetime: github.com/aws/aws-cdk-go/awscdk/v2.Duration, MinCapacity: *f64, NewInstancesProtectedFromScaleIn: *bool, Notifications: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.NotificationConfiguration, Signals: github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.Signals, SpotPrice: *string, UpdatePolicy: github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.UpdatePolicy, VpcSubnets: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, InstanceType: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType, BootstrapEnabled: *bool, BootstrapOptions: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.BootstrapOptions, MachineImageType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.MachineImageType, MapRole: *bool, SpotInterruptHandler: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AllowAllOutbound | *bool | Whether the instances can initiate connections to anywhere by default. | | AssociatePublicIpAddress | *bool | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | AutoScalingGroupName | *string | The name of the Auto Scaling group. | | BlockDevices | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.BlockDevice | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | Cooldown | github.com/aws/aws-cdk-go/awscdk/v2.Duration | Default scaling cooldown for this AutoScalingGroup. | | DesiredCapacity | *f64 | Initial amount of instances in the fleet. | | GroupMetrics | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.GroupMetrics | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | HealthCheck | github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.HealthCheck | Configuration for health checks. | | IgnoreUnmodifiedSizeProperties | *bool | If the ASG has scheduled actions, don't reset unchanged group sizes. | | InstanceMonitoring | github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | KeyName | *string | Name of SSH keypair to grant access to instances. | | MaxCapacity | *f64 | Maximum number of instances in the fleet. | | MaxInstanceLifetime | github.com/aws/aws-cdk-go/awscdk/v2.Duration | The maximum amount of time that an instance can be in service. | | MinCapacity | *f64 | Minimum number of instances in the fleet. | | NewInstancesProtectedFromScaleIn | *bool | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | Notifications | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.NotificationConfiguration | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | Signals | github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.Signals | Configure waiting for signals during deployment. | | SpotPrice | *string | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | UpdatePolicy | github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | VpcSubnets | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | Where to place instances within the VPC. | | InstanceType | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType | Instance type of the instances to start. | | BootstrapEnabled | *bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | EKS node bootstrapping options. | | MachineImageType | MachineImageType | Machine image type. | | MapRole | *bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | *bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`AllowAllOutbound\`Optional \`\`\`go AllowAllOutbound *bool \`\`\` - *Type:* *bool - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`AssociatePublicIpAddress\`Optional \`\`\`go AssociatePublicIpAddress *bool \`\`\` - *Type:* *bool - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`AutoScalingGroupName\`Optional \`\`\`go AutoScalingGroupName *string \`\`\` - *Type:* *string - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`BlockDevices\`Optional \`\`\`go BlockDevices *[]BlockDevice \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.BlockDevice - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`Cooldown\`Optional \`\`\`go Cooldown Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`DesiredCapacity\`Optional \`\`\`go DesiredCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`GroupMetrics\`Optional \`\`\`go GroupMetrics *[]GroupMetrics \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.GroupMetrics - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`HealthCheck\`Optional \`\`\`go HealthCheck HealthCheck \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`IgnoreUnmodifiedSizeProperties\`Optional \`\`\`go IgnoreUnmodifiedSizeProperties *bool \`\`\` - *Type:* *bool - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`InstanceMonitoring\`Optional \`\`\`go InstanceMonitoring Monitoring \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`KeyName\`Optional \`\`\`go KeyName *string \`\`\` - *Type:* *string - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`MaxCapacity\`Optional \`\`\`go MaxCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`MaxInstanceLifetime\`Optional \`\`\`go MaxInstanceLifetime Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`MinCapacity\`Optional \`\`\`go MinCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`NewInstancesProtectedFromScaleIn\`Optional \`\`\`go NewInstancesProtectedFromScaleIn *bool \`\`\` - *Type:* *bool - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`Notifications\`Optional \`\`\`go Notifications *[]NotificationConfiguration \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.NotificationConfiguration - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### \`Signals\`Optional \`\`\`go Signals Signals \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`SpotPrice\`Optional \`\`\`go SpotPrice *string \`\`\` - *Type:* *string - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`UpdatePolicy\`Optional \`\`\`go UpdatePolicy UpdatePolicy \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`InstanceType\`Required \`\`\`go InstanceType InstanceType \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType Instance type of the instances to start. --- ##### \`BootstrapEnabled\`Optional \`\`\`go BootstrapEnabled *bool \`\`\` - *Type:* *bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`go BootstrapOptions BootstrapOptions \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`MachineImageType\`Optional \`\`\`go MachineImageType MachineImageType \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`MapRole\`Optional \`\`\`go MapRole *bool \`\`\` - *Type:* *bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`go SpotInterruptHandler *bool \`\`\` - *Type:* *bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.AutoScalingGroupOptions { BootstrapEnabled: *bool, BootstrapOptions: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.BootstrapOptions, MachineImageType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.MachineImageType, MapRole: *bool, SpotInterruptHandler: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | BootstrapEnabled | *bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | MachineImageType | MachineImageType | Allow options to specify different machine image type. | | MapRole | *bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | *bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`BootstrapEnabled\`Optional \`\`\`go BootstrapEnabled *bool \`\`\` - *Type:* *bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`go BootstrapOptions BootstrapOptions \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`MachineImageType\`Optional \`\`\`go MachineImageType MachineImageType \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`MapRole\`Optional \`\`\`go MapRole *bool \`\`\` - *Type:* *bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`go SpotInterruptHandler *bool \`\`\` - *Type:* *bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.AwsAuthMapping { Groups: *[]*string, Username: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Groups | *[]*string | A list of groups within Kubernetes to which the role is mapped. | | Username | *string | The user name within Kubernetes to map to the IAM role. | --- ##### \`Groups\`Required \`\`\`go Groups *[]*string \`\`\` - *Type:* *[]*string A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`Username\`Optional \`\`\`go Username *string \`\`\` - *Type:* *string - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.AwsAuthProps { Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Cluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`Cluster\`Required \`\`\`go Cluster Cluster \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.BootstrapOptions { AdditionalArgs: *string, AwsApiRetryAttempts: *f64, DnsClusterIp: *string, DockerConfigJson: *string, EnableDockerBridge: *bool, KubeletExtraArgs: *string, UseMaxPods: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AdditionalArgs | *string | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | AwsApiRetryAttempts | *f64 | Number of retry attempts for AWS API call (DescribeCluster). | | DnsClusterIp | *string | Overrides the IP address to use for DNS queries within the cluster. | | DockerConfigJson | *string | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | EnableDockerBridge | *bool | Restores the docker default bridge network. | | KubeletExtraArgs | *string | Extra arguments to add to the kubelet. | | UseMaxPods | *bool | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`AdditionalArgs\`Optional \`\`\`go AdditionalArgs *string \`\`\` - *Type:* *string - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`AwsApiRetryAttempts\`Optional \`\`\`go AwsApiRetryAttempts *f64 \`\`\` - *Type:* *f64 - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`DnsClusterIp\`Optional \`\`\`go DnsClusterIp *string \`\`\` - *Type:* *string - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`DockerConfigJson\`Optional \`\`\`go DockerConfigJson *string \`\`\` - *Type:* *string - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`EnableDockerBridge\`Optional \`\`\`go EnableDockerBridge *bool \`\`\` - *Type:* *bool - *Default:* false Restores the docker default bridge network. --- ##### \`KubeletExtraArgs\`Optional \`\`\`go KubeletExtraArgs *string \`\`\` - *Type:* *string - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. --node - labelsfoo = bar , goo = far \`\`\` ##### \`UseMaxPods\`Optional \`\`\`go UseMaxPods *bool \`\`\` - *Type:* *bool - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.CfnAddonProps { AddonName: *string, ClusterName: *string, AddonVersion: *string, ResolveConflicts: *string, ServiceAccountRoleArn: *string, Tags: *[]github.com/aws/aws-cdk-go/awscdk/v2.CfnTag, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AddonName | *string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | *string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | *string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | *string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | *string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | Tags | *[]github.com/aws/aws-cdk-go/awscdk/v2.CfnTag | \`AWS::EKS::Addon.Tags\`. | --- ##### \`AddonName\`Required \`\`\`go AddonName *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`go AddonVersion *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`go ResolveConflicts *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`go ServiceAccountRoleArn *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`Tags\`Optional \`\`\`go Tags *[]CfnTag \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.CfnTag \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.CfnClusterProps { ResourcesVpcConfig: interface{}, RoleArn: *string, EncryptionConfig: interface{}, KubernetesNetworkConfig: interface{}, Name: *string, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourcesVpcConfig | interface{} | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | *string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | interface{} | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | interface{} | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | *string | \`AWS::EKS::Cluster.Name\`. | | Version | *string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`ResourcesVpcConfig\`Required \`\`\`go ResourcesVpcConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`go RoleArn *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`go EncryptionConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`go KubernetesNetworkConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.CfnFargateProfileProps { ClusterName: *string, PodExecutionRoleArn: *string, Selectors: interface{}, FargateProfileName: *string, Subnets: *[]*string, Tags: *[]github.com/aws/aws-cdk-go/awscdk/v2.CfnTag, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | *string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | *string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | interface{} | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | *string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | *[]*string | \`AWS::EKS::FargateProfile.Subnets\`. | | Tags | *[]github.com/aws/aws-cdk-go/awscdk/v2.CfnTag | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`go PodExecutionRoleArn *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`go Selectors interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`go FargateProfileName *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`go Subnets *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`Tags\`Optional \`\`\`go Tags *[]CfnTag \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.CfnTag \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.CfnNodegroupProps { ClusterName: *string, NodeRole: *string, Subnets: *[]*string, AmiType: *string, CapacityType: *string, DiskSize: *f64, ForceUpdateEnabled: interface{}, InstanceTypes: *[]*string, Labels: interface{}, LaunchTemplate: interface{}, NodegroupName: *string, ReleaseVersion: *string, RemoteAccess: interface{}, ScalingConfig: interface{}, Tags: interface{}, Taints: interface{}, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | *string | \`AWS::EKS::Nodegroup.ClusterName\`. | | NodeRole | *string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | *[]*string | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | *string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | *string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | *f64 | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | interface{} | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | *[]*string | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | Labels | interface{} | \`AWS::EKS::Nodegroup.Labels\`. | | LaunchTemplate | interface{} | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | *string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | *string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | interface{} | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | interface{} | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Tags | interface{} | \`AWS::EKS::Nodegroup.Tags\`. | | Taints | interface{} | \`AWS::EKS::Nodegroup.Taints\`. | | Version | *string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`NodeRole\`Required \`\`\`go NodeRole *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`go Subnets *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`go AmiType *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`go CapacityType *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`go DiskSize *f64 \`\`\` - *Type:* *f64 \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`go ForceUpdateEnabled interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`go InstanceTypes *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`go Labels interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`LaunchTemplate\`Optional \`\`\`go LaunchTemplate interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`go NodegroupName *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`go ReleaseVersion *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`go RemoteAccess interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`go ScalingConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Tags\`Optional \`\`\`go Tags interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`Taints\`Optional \`\`\`go Taints interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ClusterAttributes { ClusterName: *string, ClusterCertificateAuthorityData: *string, ClusterEncryptionConfigKeyArn: *string, ClusterEndpoint: *string, ClusterSecurityGroupId: *string, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk/v2.Size, KubectlPrivateSubnetIds: *[]*string, KubectlRoleArn: *string, KubectlSecurityGroupId: *string, OpenIdConnectProvider: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider, Prune: *bool, SecurityGroupIds: *[]*string, Vpc: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | *string | The physical name of the Cluster. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The API Server endpoint URL. | | ClusterSecurityGroupId | *string | The cluster security group that was created by Amazon EKS for the cluster. | | KubectlEnvironment | *map[string]*string | Environment variables to use when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk/v2.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnetIds | *[]*string | Subnets to host the \`kubectl\` compute resources. | | KubectlRoleArn | *string | An IAM role with cluster administrator and "system:masters" permissions. | | KubectlSecurityGroupId | *string | A security group to use for \`kubectl\` execution. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecurityGroupIds | *[]*string | Additional security groups associated with this cluster. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string The physical name of the Cluster. --- ##### \`ClusterCertificateAuthorityData\`Optional \`\`\`go ClusterCertificateAuthorityData *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Optional \`\`\`go ClusterEncryptionConfigKeyArn *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Optional \`\`\`go ClusterEndpoint *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`ClusterSecurityGroupId\`Optional \`\`\`go ClusterSecurityGroupId *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnetIds\`Optional \`\`\`go KubectlPrivateSubnetIds *[]*string \`\`\` - *Type:* *[]*string - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRoleArn\`Optional \`\`\`go KubectlRoleArn *string \`\`\` - *Type:* *string - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`KubectlSecurityGroupId\`Optional \`\`\`go KubectlSecurityGroupId *string \`\`\` - *Type:* *string - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`OpenIdConnectProvider\`Optional \`\`\`go OpenIdConnectProvider IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecurityGroupIds\`Optional \`\`\`go SecurityGroupIds *[]*string \`\`\` - *Type:* *[]*string - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ClusterOptions { Version: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, ClusterHandlerEnvironment: *map[string]*string, CoreDnsComputeType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CoreDnsComputeType, EndpointAccess: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.EndpointAccess, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk/v2.Size, MastersRole: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, OutputMastersRoleArn: *bool, PlaceClusterHandlerInVpc: *bool, Prune: *bool, SecretsEncryptionKey: github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | *map[string]*string | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | *map[string]*string | Environment variables for the kubectl execution. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk/v2.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | *bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | *bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`go ClusterHandlerEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`go CoreDnsComputeType CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`go EndpointAccess EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. layer := lambda.NewLayerVersion(this, jsii.String("kubectl-layer"), map[string]interface{}{ "code": lambda.Code_fromAsset(fmt.Sprintf("%v/layer.zip", __dirname)), })var compatibleRuntimes [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`go MastersRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`go OutputMastersRoleArn *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`go PlaceClusterHandlerInVpc *bool \`\`\` - *Type:* *bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`go SecretsEncryptionKey IKey \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ClusterProps { Version: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, ClusterHandlerEnvironment: *map[string]*string, CoreDnsComputeType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CoreDnsComputeType, EndpointAccess: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.EndpointAccess, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk/v2.Size, MastersRole: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, OutputMastersRoleArn: *bool, PlaceClusterHandlerInVpc: *bool, Prune: *bool, SecretsEncryptionKey: github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey, DefaultCapacity: *f64, DefaultCapacityInstance: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType, DefaultCapacityType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.DefaultCapacityType, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | *map[string]*string | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | *map[string]*string | Environment variables for the kubectl execution. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk/v2.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | *bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | *bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultCapacity | *f64 | Number of instances to allocate as an initial capacity for this cluster. | | DefaultCapacityInstance | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType | The instance type to use for the default capacity. | | DefaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`go ClusterHandlerEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`go CoreDnsComputeType CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`go EndpointAccess EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. layer := lambda.NewLayerVersion(this, jsii.String("kubectl-layer"), map[string]interface{}{ "code": lambda.Code_fromAsset(fmt.Sprintf("%v/layer.zip", __dirname)), })var compatibleRuntimes [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`go MastersRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`go OutputMastersRoleArn *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`go PlaceClusterHandlerInVpc *bool \`\`\` - *Type:* *bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`go SecretsEncryptionKey IKey \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultCapacity\`Optional \`\`\`go DefaultCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`DefaultCapacityInstance\`Optional \`\`\`go DefaultCapacityInstance InstanceType \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`DefaultCapacityType\`Optional \`\`\`go DefaultCapacityType DefaultCapacityType \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.CommonClusterOptions { Version: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.EksOptimizedImageProps { CpuArch: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CpuArch, KubernetesVersion: *string, NodeType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.NodeType, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | CpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | KubernetesVersion | *string | The Kubernetes version to use. | | NodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`CpuArch\`Optional \`\`\`go CpuArch CpuArch \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`KubernetesVersion\`Optional \`\`\`go KubernetesVersion *string \`\`\` - *Type:* *string - *Default:* The latest version The Kubernetes version to use. --- ##### \`NodeType\`Optional \`\`\`go NodeType NodeType \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.EncryptionConfigProperty { Provider: interface{}, Resources: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Provider | interface{} | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | Resources | *[]*string | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`Provider\`Optional \`\`\`go Provider interface{} \`\`\` - *Type:* interface{} \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`Resources\`Optional \`\`\`go Resources *[]*string \`\`\` - *Type:* *[]*string \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.FargateClusterProps { Version: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, ClusterHandlerEnvironment: *map[string]*string, CoreDnsComputeType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CoreDnsComputeType, EndpointAccess: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.EndpointAccess, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk/v2.Size, MastersRole: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, OutputMastersRoleArn: *bool, PlaceClusterHandlerInVpc: *bool, Prune: *bool, SecretsEncryptionKey: github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey, DefaultProfile: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.FargateProfileOptions, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | *map[string]*string | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | *map[string]*string | Environment variables for the kubectl execution. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk/v2.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | *bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | *bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`go ClusterHandlerEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`go CoreDnsComputeType CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`go EndpointAccess EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. layer := lambda.NewLayerVersion(this, jsii.String("kubectl-layer"), map[string]interface{}{ "code": lambda.Code_fromAsset(fmt.Sprintf("%v/layer.zip", __dirname)), })var compatibleRuntimes [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`go MastersRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`go OutputMastersRoleArn *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`go PlaceClusterHandlerInVpc *bool \`\`\` - *Type:* *bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`go SecretsEncryptionKey IKey \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultProfile\`Optional \`\`\`go DefaultProfile FargateProfileOptions \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.FargateProfileOptions { Selectors: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Selector, FargateProfileName: *string, PodExecutionRole: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, SubnetSelection: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, Vpc: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | *[]Selector | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | *string | The name of the Fargate profile. | | PodExecutionRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`Selectors\`Required \`\`\`go Selectors *[]Selector \`\`\` - *Type:* *[]Selector The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`go FargateProfileName *string \`\`\` - *Type:* *string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`go PodExecutionRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`go SubnetSelection SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.FargateProfileProps { Selectors: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Selector, FargateProfileName: *string, PodExecutionRole: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, SubnetSelection: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, Vpc: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc, Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.Cluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | *[]Selector | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | *string | The name of the Fargate profile. | | PodExecutionRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | Cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`Selectors\`Required \`\`\`go Selectors *[]Selector \`\`\` - *Type:* *[]Selector The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`go FargateProfileName *string \`\`\` - *Type:* *string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`go PodExecutionRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`go SubnetSelection SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`Cluster\`Required \`\`\`go Cluster Cluster \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.HelmChartOptions { Chart: *string, CreateNamespace: *bool, Namespace: *string, Release: *string, Repository: *string, Timeout: github.com/aws/aws-cdk-go/awscdk/v2.Duration, Values: *map[string]interface{}, Version: *string, Wait: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | *string | The name of the chart. | | CreateNamespace | *bool | create namespace if not exist. | | Namespace | *string | The Kubernetes namespace scope of the requests. | | Release | *string | The name of the release. | | Repository | *string | The repository which contains the chart. | | Timeout | github.com/aws/aws-cdk-go/awscdk/v2.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | *map[string]interface{} | The values to be used by the chart. | | Version | *string | The chart version to install. | | Wait | *bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`Chart\`Required \`\`\`go Chart *string \`\`\` - *Type:* *string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`go CreateNamespace *bool \`\`\` - *Type:* *bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`go Release *string \`\`\` - *Type:* *string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`go Repository *string \`\`\` - *Type:* *string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`go Values *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`go Wait *bool \`\`\` - *Type:* *bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.HelmChartProps { Chart: *string, CreateNamespace: *bool, Namespace: *string, Release: *string, Repository: *string, Timeout: github.com/aws/aws-cdk-go/awscdk/v2.Duration, Values: *map[string]interface{}, Version: *string, Wait: *bool, Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | *string | The name of the chart. | | CreateNamespace | *bool | create namespace if not exist. | | Namespace | *string | The Kubernetes namespace scope of the requests. | | Release | *string | The name of the release. | | Repository | *string | The repository which contains the chart. | | Timeout | github.com/aws/aws-cdk-go/awscdk/v2.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | *map[string]interface{} | The values to be used by the chart. | | Version | *string | The chart version to install. | | Wait | *bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | Cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`Chart\`Required \`\`\`go Chart *string \`\`\` - *Type:* *string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`go CreateNamespace *bool \`\`\` - *Type:* *bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`go Release *string \`\`\` - *Type:* *string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`go Repository *string \`\`\` - *Type:* *string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`go Values *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`go Wait *bool \`\`\` - *Type:* *bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.KubernetesManifestOptions { Prune: *bool, SkipValidation: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | *bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | *bool | A flag to signify if the manifest validation should be skipped. | --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`go SkipValidation *bool \`\`\` - *Type:* *bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.KubernetesManifestProps { Prune: *bool, SkipValidation: *bool, Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, Manifest: *[]*map[string]interface{}, Overwrite: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | *bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | *bool | A flag to signify if the manifest validation should be skipped. | | Cluster | ICluster | The EKS cluster to apply this manifest to. | | Manifest | *[]*map[string]interface{} | The manifest to apply. | | Overwrite | *bool | Overwrite any existing resources. | --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`go SkipValidation *bool \`\`\` - *Type:* *bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`Manifest\`Required \`\`\`go Manifest *[]*map[string]interface{} \`\`\` - *Type:* *[]*map[string]interface{} The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`go []map[string]interface{}{ map[string]interface{}{ "apiVersion": jsii.String("v1"), "kind": jsii.String("Pod"), "metadata": map[string]*string{ "name": jsii.String("mypod"), }, "spec": map[string][]map[string]interface{}{ "containers": []map[string]interface{}{ map[string]interface{}{ "name": jsii.String("hello"), "image": jsii.String("paulbouwer/hello-kubernetes:1.5"), "ports": []map[string]*f64{ map[string]*f64{ "containerPort": jsii.Number(8080), }, }, }, }, }, }, } \`\`\` ##### \`Overwrite\`Optional \`\`\`go Overwrite *bool \`\`\` - *Type:* *bool - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.KubernetesNetworkConfigProperty { ServiceIpv4Cidr: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ServiceIpv4Cidr | *string | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`ServiceIpv4Cidr\`Optional \`\`\`go ServiceIpv4Cidr *string \`\`\` - *Type:* *string \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.KubernetesObjectValueProps { Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, JsonPath: *string, ObjectName: *string, ObjectType: *string, ObjectNamespace: *string, Timeout: github.com/aws/aws-cdk-go/awscdk/v2.Duration, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | ICluster | The EKS cluster to fetch attributes from. | | JsonPath | *string | JSONPath to the specific value. | | ObjectName | *string | The name of the object to query. | | ObjectType | *string | The object type to query. | | ObjectNamespace | *string | The namespace the object belongs to. | | Timeout | github.com/aws/aws-cdk-go/awscdk/v2.Duration | Timeout for waiting on a value. | --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`JsonPath\`Required \`\`\`go JsonPath *string \`\`\` - *Type:* *string JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`ObjectName\`Required \`\`\`go ObjectName *string \`\`\` - *Type:* *string The name of the object to query. --- ##### \`ObjectType\`Required \`\`\`go ObjectType *string \`\`\` - *Type:* *string The object type to query. (e.g 'service', 'pod'...) --- ##### \`ObjectNamespace\`Optional \`\`\`go ObjectNamespace *string \`\`\` - *Type:* *string - *Default:* 'default' The namespace the object belongs to. --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.KubernetesPatchProps { ApplyPatch: *map[string]interface{}, Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, ResourceName: *string, RestorePatch: *map[string]interface{}, PatchType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.PatchType, ResourceNamespace: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ApplyPatch | *map[string]interface{} | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | Cluster | ICluster | The cluster to apply the patch to. | | ResourceName | *string | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | RestorePatch | *map[string]interface{} | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | PatchType | PatchType | The patch type to pass to \`kubectl patch\`. | | ResourceNamespace | *string | The kubernetes API namespace. | --- ##### \`ApplyPatch\`Required \`\`\`go ApplyPatch *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`ResourceName\`Required \`\`\`go ResourceName *string \`\`\` - *Type:* *string The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`RestorePatch\`Required \`\`\`go RestorePatch *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`PatchType\`Optional \`\`\`go PatchType PatchType \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`ResourceNamespace\`Optional \`\`\`go ResourceNamespace *string \`\`\` - *Type:* *string - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.LabelProperty { Key: *string, Value: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Key | *string | \`CfnFargateProfile.LabelProperty.Key\`. | | Value | *string | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`Key\`Required \`\`\`go Key *string \`\`\` - *Type:* *string \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`Value\`Required \`\`\`go Value *string \`\`\` - *Type:* *string \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.LaunchTemplateSpec { Id: *string, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | *string | The Launch template ID. | | Version | *string | The launch template version to be used (optional). | --- ##### \`Id\`Required \`\`\`go Id *string \`\`\` - *Type:* *string The Launch template ID. --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.LaunchTemplateSpecificationProperty { Id: *string, Name: *string, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | *string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | Name | *string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | Version | *string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`Id\`Optional \`\`\`go Id *string \`\`\` - *Type:* *string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.NodegroupOptions { AmiType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.NodegroupAmiType, CapacityType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CapacityType, DesiredSize: *f64, DiskSize: *f64, ForceUpdate: *bool, InstanceTypes: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType, Labels: *map[string]*string, LaunchTemplateSpec: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.LaunchTemplateSpec, MaxSize: *f64, MinSize: *f64, NodegroupName: *string, NodeRole: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, ReleaseVersion: *string, RemoteAccess: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.NodegroupRemoteAccess, Subnets: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, Tags: *map[string]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | *f64 | The current number of worker nodes that the managed node group should maintain. | | DiskSize | *f64 | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | *bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceTypes | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType | The instance types to use for your node group. | | Labels | *map[string]*string | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | *f64 | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | *f64 | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | *string | Name of the Nodegroup. | | NodeRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | *string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | *map[string]*string | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`AmiType\`Optional \`\`\`go AmiType NodegroupAmiType \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`go CapacityType CapacityType \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`go DesiredSize *f64 \`\`\` - *Type:* *f64 - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`go DiskSize *f64 \`\`\` - *Type:* *f64 - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`go ForceUpdate *bool \`\`\` - *Type:* *bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`InstanceTypes\`Optional \`\`\`go InstanceTypes *[]InstanceType \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`go Labels *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`go LaunchTemplateSpec LaunchTemplateSpec \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`go MaxSize *f64 \`\`\` - *Type:* *f64 - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`go MinSize *f64 \`\`\` - *Type:* *f64 - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`go NodegroupName *string \`\`\` - *Type:* *string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`go NodeRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`go ReleaseVersion *string \`\`\` - *Type:* *string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`go RemoteAccess NodegroupRemoteAccess \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`go Subnets SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`go Tags *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.NodegroupProps { AmiType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.NodegroupAmiType, CapacityType: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.CapacityType, DesiredSize: *f64, DiskSize: *f64, ForceUpdate: *bool, InstanceTypes: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType, Labels: *map[string]*string, LaunchTemplateSpec: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.LaunchTemplateSpec, MaxSize: *f64, MinSize: *f64, NodegroupName: *string, NodeRole: github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole, ReleaseVersion: *string, RemoteAccess: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.NodegroupRemoteAccess, Subnets: github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection, Tags: *map[string]*string, Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | *f64 | The current number of worker nodes that the managed node group should maintain. | | DiskSize | *f64 | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | *bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceTypes | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType | The instance types to use for your node group. | | Labels | *map[string]*string | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | *f64 | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | *f64 | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | *string | Name of the Nodegroup. | | NodeRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | *string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | *map[string]*string | The metadata to apply to the node group to assist with categorization and organization. | | Cluster | ICluster | Cluster resource. | --- ##### \`AmiType\`Optional \`\`\`go AmiType NodegroupAmiType \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`go CapacityType CapacityType \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`go DesiredSize *f64 \`\`\` - *Type:* *f64 - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`go DiskSize *f64 \`\`\` - *Type:* *f64 - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`go ForceUpdate *bool \`\`\` - *Type:* *bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`InstanceTypes\`Optional \`\`\`go InstanceTypes *[]InstanceType \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.InstanceType - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`go Labels *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`go LaunchTemplateSpec LaunchTemplateSpec \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`go MaxSize *f64 \`\`\` - *Type:* *f64 - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`go MinSize *f64 \`\`\` - *Type:* *f64 - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`go NodegroupName *string \`\`\` - *Type:* *string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`go NodeRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`go ReleaseVersion *string \`\`\` - *Type:* *string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`go RemoteAccess NodegroupRemoteAccess \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`go Subnets SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`go Tags *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.NodegroupRemoteAccess { SshKeyName: *string, SourceSecurityGroups: *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SshKeyName | *string | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | SourceSecurityGroups | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`SshKeyName\`Required \`\`\`go SshKeyName *string \`\`\` - *Type:* *string The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`SourceSecurityGroups\`Optional \`\`\`go SourceSecurityGroups *[]ISecurityGroup \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.OpenIdConnectProviderProps { Url: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Url | *string | The URL of the identity provider. | --- ##### \`Url\`Required \`\`\`go Url *string \`\`\` - *Type:* *string The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ProviderProperty { KeyArn: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | KeyArn | *string | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`KeyArn\`Optional \`\`\`go KeyArn *string \`\`\` - *Type:* *string \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.RemoteAccessProperty { Ec2SshKey: *string, SourceSecurityGroups: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Ec2SshKey | *string | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | SourceSecurityGroups | *[]*string | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`Ec2SshKey\`Required \`\`\`go Ec2SshKey *string \`\`\` - *Type:* *string \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`SourceSecurityGroups\`Optional \`\`\`go SourceSecurityGroups *[]*string \`\`\` - *Type:* *[]*string \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ResourcesVpcConfigProperty { SubnetIds: *[]*string, SecurityGroupIds: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SubnetIds | *[]*string | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | SecurityGroupIds | *[]*string | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`SubnetIds\`Required \`\`\`go SubnetIds *[]*string \`\`\` - *Type:* *[]*string \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`SecurityGroupIds\`Optional \`\`\`go SecurityGroupIds *[]*string \`\`\` - *Type:* *[]*string \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ScalingConfigProperty { DesiredSize: *f64, MaxSize: *f64, MinSize: *f64, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | DesiredSize | *f64 | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | MaxSize | *f64 | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | MinSize | *f64 | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`DesiredSize\`Optional \`\`\`go DesiredSize *f64 \`\`\` - *Type:* *f64 \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`MaxSize\`Optional \`\`\`go MaxSize *f64 \`\`\` - *Type:* *f64 \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`MinSize\`Optional \`\`\`go MinSize *f64 \`\`\` - *Type:* *f64 \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.Selector { Namespace: *string, Labels: *map[string]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | *string | The Kubernetes namespace that the selector should match. | | Labels | *map[string]*string | The Kubernetes labels that the selector should match. | --- ##### \`Namespace\`Required \`\`\`go Namespace *string \`\`\` - *Type:* *string The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`Labels\`Optional \`\`\`go Labels *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.SelectorProperty { Namespace: *string, Labels: interface{}, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | *string | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | Labels | interface{} | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`Namespace\`Required \`\`\`go Namespace *string \`\`\` - *Type:* *string \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`Labels\`Optional \`\`\`go Labels interface{} \`\`\` - *Type:* interface{} \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ServiceAccountOptions { Name: *string, Namespace: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | *string | The name of the service account. | | Namespace | *string | The namespace of the service account. | --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ServiceAccountProps { Name: *string, Namespace: *string, Cluster: github.com/aws/aws-cdk-go/awscdk/v2.aws_eks.ICluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | *string | The name of the service account. | | Namespace | *string | The namespace of the service account. | | Cluster | ICluster | The cluster to apply the patch to. | --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* "default" The namespace of the service account. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.ServiceLoadBalancerAddressOptions { Namespace: *string, Timeout: github.com/aws/aws-cdk-go/awscdk/v2.Duration, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | *string | The namespace the service belongs to. | | Timeout | github.com/aws/aws-cdk-go/awscdk/v2.Duration | Timeout for waiting on the load balancer address. | --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* 'default' The namespace the service belongs to. --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" &awseks.TaintProperty { Effect: *string, Key: *string, Value: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Effect | *string | \`CfnNodegroup.TaintProperty.Effect\`. | | Key | *string | \`CfnNodegroup.TaintProperty.Key\`. | | Value | *string | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`Effect\`Optional \`\`\`go Effect *string \`\`\` - *Type:* *string \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`Key\`Optional \`\`\`go Key *string \`\`\` - *Type:* *string \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`Value\`Optional \`\`\`go Value *string \`\`\` - *Type:* *string \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.NewEksOptimizedImage(props EksOptimizedImageProps) EksOptimizedImage \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | props | EksOptimizedImageProps | *No description.* | --- ##### \`props\`Optional - *Type:* EksOptimizedImageProps --- #### Methods | **Name** | **Description** | | --- | --- | | GetImage | Return the correct image. | --- ##### \`GetImage\` \`\`\`go func GetImage(scope Construct) MachineImageConfig \`\`\` Return the correct image. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | OnlyFrom | Restrict public access to specific CIDR blocks. | --- ##### \`OnlyFrom\` \`\`\`go func OnlyFrom(cidr *string) EndpointAccess \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`cidr\`Required - *Type:* *string CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | Private | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | Public | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PublicAndPrivate | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`Private\`Required \`\`\`go func Private() EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`Public\`Required \`\`\`go func Public() EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PublicAndPrivate\`Required \`\`\`go func PublicAndPrivate() EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | Of | Custom cluster version. | --- ##### \`Of\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/v2/awseks" awseks.KubernetesVersion_Of(version *string) KubernetesVersion \`\`\` Custom cluster version. ###### \`version\`Required - *Type:* *string custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | *string | cluster version number. | --- ##### \`Version\`Required \`\`\`go func Version() *string \`\`\` - *Type:* *string cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V114 | KubernetesVersion | Kubernetes version 1.14. | | V115 | KubernetesVersion | Kubernetes version 1.15. | | V116 | KubernetesVersion | Kubernetes version 1.16. | | V117 | KubernetesVersion | Kubernetes version 1.17. | | V118 | KubernetesVersion | Kubernetes version 1.18. | | V119 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V114\`Required \`\`\`go func V114() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V115\`Required \`\`\`go func V115() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V116\`Required \`\`\`go func V116() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V117\`Required \`\`\`go func V117() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V118\`Required \`\`\`go func V118() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V119\`Required \`\`\`go func V119() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* github.com/aws/aws-cdk-go/awscdk/v2.IResource, github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`AddCdk8sChart\` \`\`\`go func AddCdk8sChart(id *string, chart Construct) KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`chart\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the cdk8s chart. --- ##### \`AddHelmChart\` \`\`\`go func AddHelmChart(id *string, options HelmChartOptions) HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`go func AddManifest(id *string, manifest *map[string]interface{}) KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* *string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* *map[string]interface{} a list of Kubernetes resource specifications. --- ##### \`AddServiceAccount\` \`\`\`go func AddServiceAccount(id *string, options ServiceAccountOptions) ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* *string logical id of service account. --- ###### \`options\`Optional - *Type:* ServiceAccountOptions service account options. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | Env | github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this resource is defined. | | Connections | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Connections | *No description.* | | ClusterArn | *string | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The API Server endpoint URL. | | ClusterName | *string | The physical name of the Cluster. | | ClusterSecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | *string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | Prune | *bool | Indicates whether Kubernetes resources can be automatically pruned. | | Vpc | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc | The VPC in which this Cluster was created. | | KubectlEnvironment | *map[string]*string | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk/v2.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnets | *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this resource is defined. --- ##### \`Connections\`Required \`\`\`go func Connections() Connections \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.Connections --- ##### \`ClusterArn\`Required \`\`\`go func ClusterArn() *string \`\`\` - *Type:* *string The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`ClusterCertificateAuthorityData\`Required \`\`\`go func ClusterCertificateAuthorityData() *string \`\`\` - *Type:* *string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`go func ClusterEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`go func ClusterEndpoint() *string \`\`\` - *Type:* *string The API Server endpoint URL. --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string The physical name of the Cluster. --- ##### \`ClusterSecurityGroup\`Required \`\`\`go func ClusterSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`go func ClusterSecurityGroupId() *string \`\`\` - *Type:* *string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`go func OpenIdConnectProvider() IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`Prune\`Required \`\`\`go func Prune() *bool \`\`\` - *Type:* *bool Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`Vpc\`Required \`\`\`go func Vpc() IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`KubectlEnvironment\`Optional \`\`\`go func KubectlEnvironment() *map[string]*string \`\`\` - *Type:* *map[string]*string Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go func KubectlLayer() ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`go func KubectlMemory() Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`go func KubectlPrivateSubnets() *[]ISubnet \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISubnet Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRole\`Optional \`\`\`go func KubectlRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`go func KubectlSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.aws_ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* github.com/aws/aws-cdk-go/awscdk/v2.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/constructs-go/constructs/v10.Node | The tree node. | | Env | github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk/v2.Stack | The stack in which this resource is defined. | | NodegroupName | *string | Name of the nodegroup. | --- ##### \`Node\`Required \`\`\`go func Node() Node \`\`\` - *Type:* github.com/aws/constructs-go/constructs/v10.Node The tree node. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk/v2.Stack The stack in which this resource is defined. --- ##### \`NodegroupName\`Required \`\`\`go func NodegroupName() *string \`\`\` - *Type:* *string Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | CapacityType_SPOT | spot instances. | | CapacityType_ON_DEMAND | on-demand instances. | --- ##### \`CapacityType_SPOT\` spot instances. --- ##### \`CapacityType_ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | CoreDnsComputeType_EC2 | Deploy CoreDNS on EC2 instances. | | CoreDnsComputeType_FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`CoreDnsComputeType_EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`CoreDnsComputeType_FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | CpuArch_ARM_64 | arm64 CPU type. | | CpuArch_X86_64 | x86_64 CPU type. | --- ##### \`CpuArch_ARM_64\` arm64 CPU type. --- ##### \`CpuArch_X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | DefaultCapacityType_NODEGROUP | managed node group. | | DefaultCapacityType_EC2 | EC2 autoscaling group. | --- ##### \`DefaultCapacityType_NODEGROUP\` managed node group. --- ##### \`DefaultCapacityType_EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | MachineImageType_AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | MachineImageType_BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`MachineImageType_AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`MachineImageType_BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | NodegroupAmiType_AL2_X86_64 | Amazon Linux 2 (x86-64). | | NodegroupAmiType_AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | NodegroupAmiType_AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`NodegroupAmiType_AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`NodegroupAmiType_AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`NodegroupAmiType_AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | NodeType_STANDARD | Standard instances. | | NodeType_GPU | GPU instances. | | NodeType_INFERENTIA | Inferentia instances. | --- ##### \`NodeType_STANDARD\` Standard instances. --- ##### \`NodeType_GPU\` GPU instances. --- ##### \`NodeType_INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | PatchType_JSON | JSON Patch, RFC 6902. | | PatchType_MERGE | JSON Merge patch. | | PatchType_STRATEGIC | Strategic merge patch. | --- ##### \`PatchType_JSON\` JSON Patch, RFC 6902. --- ##### \`PatchType_MERGE\` JSON Merge patch. --- ##### \`PatchType_STRATEGIC\` Strategic merge patch. --- " `; exports[`go snapshot - submodules 2 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewAwsAuth(scope Construct, id *string, props AwsAuthProps) AwsAuth \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | AwsAuthProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* AwsAuthProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddAccount | Additional AWS account to add to the aws-auth configmap. | | AddMastersRole | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | AddRoleMapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | AddUserMapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`AddAccount\` \`\`\`go func AddAccount(accountId *string) \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`accountId\`Required - *Type:* *string account number. --- ##### \`AddMastersRole\` \`\`\`go func AddMastersRole(role IRole, username *string) \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`role\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole The IAM role to add. --- ###### \`username\`Optional - *Type:* *string Optional user (defaults to the role ARN). --- ##### \`AddRoleMapping\` \`\`\`go func AddRoleMapping(role IRole, mapping AwsAuthMapping) \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`role\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole The IAM role to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- ##### \`AddUserMapping\` \`\`\`go func AddUserMapping(user IUser, mapping AwsAuthMapping) \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`user\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IUser The IAM user to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.AwsAuth_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ### CfnAddon - *Implements:* github.com/aws/aws-cdk-go/awscdk.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewCfnAddon(scope Construct, id *string, props CfnAddonProps) CfnAddon \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/aws-cdk-go/awscdk.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnAddonProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnAddonProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnAddon_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnAddon_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnAddon_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | Tags | github.com/aws/aws-cdk-go/awscdk.TagManager | \`AWS::EKS::Addon.Tags\`. | | AddonName | *string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | *string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | *string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | *string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | *string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`AddonName\`Required \`\`\`go func AddonName() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`go func AddonVersion() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`go func ResolveConflicts() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`go func ServiceAccountRoleArn() *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* github.com/aws/aws-cdk-go/awscdk.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewCfnCluster(scope Construct, id *string, props CfnClusterProps) CfnCluster \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/aws-cdk-go/awscdk.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnClusterProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnClusterProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnCluster_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnCluster_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnCluster_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | AttrCertificateAuthorityData | *string | *No description.* | | AttrClusterSecurityGroupId | *string | *No description.* | | AttrEncryptionConfigKeyArn | *string | *No description.* | | AttrEndpoint | *string | *No description.* | | AttrOpenIdConnectIssuerUrl | *string | *No description.* | | ResourcesVpcConfig | interface{} | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | *string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | interface{} | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | interface{} | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | *string | \`AWS::EKS::Cluster.Name\`. | | Version | *string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`AttrCertificateAuthorityData\`Required \`\`\`go func AttrCertificateAuthorityData() *string \`\`\` - *Type:* *string --- ##### \`AttrClusterSecurityGroupId\`Required \`\`\`go func AttrClusterSecurityGroupId() *string \`\`\` - *Type:* *string --- ##### \`AttrEncryptionConfigKeyArn\`Required \`\`\`go func AttrEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string --- ##### \`AttrEndpoint\`Required \`\`\`go func AttrEndpoint() *string \`\`\` - *Type:* *string --- ##### \`AttrOpenIdConnectIssuerUrl\`Required \`\`\`go func AttrOpenIdConnectIssuerUrl() *string \`\`\` - *Type:* *string --- ##### \`ResourcesVpcConfig\`Required \`\`\`go func ResourcesVpcConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`go func RoleArn() *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`go func EncryptionConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`go func KubernetesNetworkConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`go func Name() *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`go func Version() *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* github.com/aws/aws-cdk-go/awscdk.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewCfnFargateProfile(scope Construct, id *string, props CfnFargateProfileProps) CfnFargateProfile \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/aws-cdk-go/awscdk.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnFargateProfileProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnFargateProfileProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnFargateProfile_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnFargateProfile_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnFargateProfile_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | Tags | github.com/aws/aws-cdk-go/awscdk.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | ClusterName | *string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | *string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | interface{} | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | *string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | *[]*string | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`go func PodExecutionRoleArn() *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`go func Selectors() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`go func FargateProfileName() *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`go func Subnets() *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* github.com/aws/aws-cdk-go/awscdk.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewCfnNodegroup(scope Construct, id *string, props CfnNodegroupProps) CfnNodegroup \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/aws-cdk-go/awscdk.Construct | - scope in which this resource is defined. | | id | *string | - scoped id of the resource. | | props | CfnNodegroupProps | - resource properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* *string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnNodegroupProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | OverrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | AddDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | AddDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | AddMetadata | Add a value to the CloudFormation Resource Metadata. | | AddOverride | Adds an override to the synthesized CloudFormation resource. | | AddPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | AddPropertyOverride | Adds an override to a resource property. | | ApplyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | GetAtt | Returns a token for an runtime attribute of this resource. | | GetMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | Inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`OverrideLogicalId\` \`\`\`go func OverrideLogicalId(newLogicalId *string) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* *string The new logical ID to use for this stack element. --- ##### \`AddDeletionOverride\` \`\`\`go func AddDeletionOverride(path *string) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* *string The path of the value to delete. --- ##### \`AddDependsOn\` \`\`\`go func AddDependsOn(target CfnResource) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.CfnResource --- ##### \`AddMetadata\` \`\`\`go func AddMetadata(key *string, value interface{}) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ###### \`value\`Required - *Type:* interface{} --- ##### \`AddOverride\` \`\`\`go func AddOverride(path *string, value interface{}) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`go // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes"), []interface{}{ jsii.String("myattribute"), }) cfnResource.addOverride(jsii.String("Properties.GlobalSecondaryIndexes.1.ProjectionType"), jsii.String("INCLUDE")) \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* *string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* interface{} The value. Could be primitive or complex. --- ##### \`AddPropertyDeletionOverride\` \`\`\`go func AddPropertyDeletionOverride(propertyPath *string) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* *string The path to the property. --- ##### \`AddPropertyOverride\` \`\`\`go func AddPropertyOverride(propertyPath *string, value interface{}) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* *string The path of the property. --- ###### \`value\`Required - *Type:* interface{} The value. --- ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy, options RemovalPolicyOptions) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicyOptions --- ##### \`GetAtt\` \`\`\`go func GetAtt(attributeName *string) Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* *string The name of the attribute. --- ##### \`GetMetadata\` \`\`\`go func GetMetadata(key *string) interface{} \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* *string --- ##### \`Inspect\` \`\`\`go func Inspect(inspector TreeInspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | IsCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnNodegroup_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnElement\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnNodegroup_IsCfnElement(x interface{}) *bool \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsCfnResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.CfnNodegroup_IsCfnResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | CreationStack | *[]*string | *No description.* | | LogicalId | *string | The logical ID for this CloudFormation stack element. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this element is defined. | | Ref | *string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | CfnOptions | github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | CfnResourceType | *string | AWS resource type. | | AttrArn | *string | *No description.* | | AttrClusterName | *string | *No description.* | | AttrNodegroupName | *string | *No description.* | | Tags | github.com/aws/aws-cdk-go/awscdk.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | ClusterName | *string | \`AWS::EKS::Nodegroup.ClusterName\`. | | Labels | interface{} | \`AWS::EKS::Nodegroup.Labels\`. | | NodeRole | *string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | *[]*string | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | *string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | *string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | *f64 | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | interface{} | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | *[]*string | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | LaunchTemplate | interface{} | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | *string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | *string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | interface{} | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | interface{} | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Taints | interface{} | \`AWS::EKS::Nodegroup.Taints\`. | | Version | *string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`CreationStack\`Required \`\`\`go func CreationStack() *[]*string \`\`\` - *Type:* *[]*string --- ##### \`LogicalId\`Required \`\`\`go func LogicalId() *string \`\`\` - *Type:* *string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`Ref\`Required \`\`\`go func Ref() *string \`\`\` - *Type:* *string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`CfnOptions\`Required \`\`\`go func CfnOptions() ICfnResourceOptions \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`CfnResourceType\`Required \`\`\`go func CfnResourceType() *string \`\`\` - *Type:* *string AWS resource type. --- ##### \`AttrArn\`Required \`\`\`go func AttrArn() *string \`\`\` - *Type:* *string --- ##### \`AttrClusterName\`Required \`\`\`go func AttrClusterName() *string \`\`\` - *Type:* *string --- ##### \`AttrNodegroupName\`Required \`\`\`go func AttrNodegroupName() *string \`\`\` - *Type:* *string --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`Labels\`Required \`\`\`go func Labels() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`NodeRole\`Required \`\`\`go func NodeRole() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`go func Subnets() *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`go func AmiType() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`go func CapacityType() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`go func DiskSize() *f64 \`\`\` - *Type:* *f64 \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`go func ForceUpdateEnabled() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`go func InstanceTypes() *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`LaunchTemplate\`Optional \`\`\`go func LaunchTemplate() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`go func NodegroupName() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`go func ReleaseVersion() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`go func RemoteAccess() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`go func ScalingConfig() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Taints\`Optional \`\`\`go func Taints() interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`go func Version() *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CfnResourceTypeName | *string | The CloudFormation resource type name for this resource class. | --- ##### \`CfnResourceTypeName\`Required \`\`\`go func CfnResourceTypeName() *string \`\`\` - *Type:* *string The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewCluster(scope Construct, id *string, props ClusterProps) Cluster \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | a Construct, most likely a cdk.Stack created. | | id | *string | the id of the Construct to create. | | props | ClusterProps | properties in the IClusterProps interface. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct a Construct, most likely a cdk.Stack created. --- ##### \`id\`Required - *Type:* *string the id of the Construct to create. --- ##### \`props\`Required - *Type:* ClusterProps properties in the IClusterProps interface. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`go func AddAutoScalingGroupCapacity(id *string, options AutoScalingGroupCapacityOptions) AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`go func AddCdk8sChart(id *string, chart Construct) KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`chart\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`go func AddFargateProfile(id *string, options FargateProfileOptions) FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* *string the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`go func AddHelmChart(id *string, options HelmChartOptions) HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`go func AddManifest(id *string, manifest *map[string]interface{}) KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* *string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* *map[string]interface{} a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`go func AddNodegroupCapacity(id *string, options NodegroupOptions) Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* *string The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`go func AddServiceAccount(id *string, options ServiceAccountOptions) ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`go func ConnectAutoScalingGroupCapacity(autoScalingGroup AutoScalingGroup, options AutoScalingGroupOptions) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`go func GetServiceLoadBalancerAddress(serviceName *string, options ServiceLoadBalancerAddressOptions) *string \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* *string The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.Cluster_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.Cluster_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.Cluster_FromClusterAttributes(scope Construct, id *string, attrs ClusterAttributes) ICluster \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* *string the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | Env | github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this resource is defined. | | AdminRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | *string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The endpoint URL for the Cluster. | | ClusterName | *string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | *string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | github.com/aws/aws-cdk-go/awscdk.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | *bool | Determines if Kubernetes resources can be pruned automatically. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | *map[string]*string | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`go func AdminRole() Role \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`go func AwsAuth() AwsAuth \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`go func ClusterArn() *string \`\`\` - *Type:* *string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666cluster / prod \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`go func ClusterCertificateAuthorityData() *string \`\`\` - *Type:* *string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`go func ClusterEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`go func ClusterEndpoint() *string \`\`\` - *Type:* *string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`go func ClusterOpenIdConnectIssuer() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`go func ClusterOpenIdConnectIssuerUrl() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`go func ClusterSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`go func ClusterSecurityGroupId() *string \`\`\` - *Type:* *string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`go func Connections() Connections \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`go func OpenIdConnectProvider() IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`go func Prune() *bool \`\`\` - *Type:* *bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`go func Vpc() IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`go func DefaultCapacity() AutoScalingGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`go func DefaultNodegroup() Nodegroup \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`go func KubectlEnvironment() *map[string]*string \`\`\` - *Type:* *map[string]*string Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go func KubectlLayer() ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`go func KubectlMemory() Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`go func KubectlPrivateSubnets() *[]ISubnet \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`go func KubectlRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`go func KubectlSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewFargateCluster(scope Construct, id *string, props FargateClusterProps) FargateCluster \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | FargateClusterProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* FargateClusterProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | | AddAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddFargateProfile | Adds a Fargate profile to this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | ConnectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | GetServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- ##### \`AddAutoScalingGroupCapacity\` \`\`\`go func AddAutoScalingGroupCapacity(id *string, options AutoScalingGroupCapacityOptions) AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`AddCdk8sChart\` \`\`\`go func AddCdk8sChart(id *string, chart Construct) KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`chart\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the cdk8s chart. --- ##### \`AddFargateProfile\` \`\`\`go func AddFargateProfile(id *string, options FargateProfileOptions) FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* *string the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`AddHelmChart\` \`\`\`go func AddHelmChart(id *string, options HelmChartOptions) HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`go func AddManifest(id *string, manifest *map[string]interface{}) KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* *string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* *map[string]interface{} a list of Kubernetes resource specifications. --- ##### \`AddNodegroupCapacity\` \`\`\`go func AddNodegroupCapacity(id *string, options NodegroupOptions) Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* *string The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`AddServiceAccount\` \`\`\`go func AddServiceAccount(id *string, options ServiceAccountOptions) ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* *string --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`ConnectAutoScalingGroupCapacity\` \`\`\`go func ConnectAutoScalingGroupCapacity(autoScalingGroup AutoScalingGroup, options AutoScalingGroupOptions) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`GetServiceLoadBalancerAddress\` \`\`\`go func GetServiceLoadBalancerAddress(serviceName *string, options ServiceLoadBalancerAddressOptions) *string \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* *string The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromClusterAttributes | Import an existing cluster. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.FargateCluster_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.FargateCluster_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.IConstruct --- ##### \`FromClusterAttributes\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.FargateCluster_FromClusterAttributes(scope Construct, id *string, attrs ClusterAttributes) ICluster \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* *string the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | Env | github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this resource is defined. | | AdminRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | AwsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | ClusterArn | *string | The AWS generated ARN for the Cluster resource. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The endpoint URL for the Cluster. | | ClusterName | *string | The Name of the created EKS Cluster. | | ClusterOpenIdConnectIssuer | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | ClusterOpenIdConnectIssuerUrl | *string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | ClusterSecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | *string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | Connections | github.com/aws/aws-cdk-go/awscdk.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | Prune | *bool | Determines if Kubernetes resources can be pruned automatically. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | | DefaultCapacity | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | DefaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | KubectlEnvironment | *map[string]*string | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk.Size | The amount of memory allocated to the kubectl provider's lambda function. | | KubectlPrivateSubnets | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this resource is defined. --- ##### \`AdminRole\`Required \`\`\`go func AdminRole() Role \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`AwsAuth\`Required \`\`\`go func AwsAuth() AwsAuth \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`ClusterArn\`Required \`\`\`go func ClusterArn() *string \`\`\` - *Type:* *string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666cluster / prod \`\`\` ##### \`ClusterCertificateAuthorityData\`Required \`\`\`go func ClusterCertificateAuthorityData() *string \`\`\` - *Type:* *string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`go func ClusterEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`go func ClusterEndpoint() *string \`\`\` - *Type:* *string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string The Name of the created EKS Cluster. --- ##### \`ClusterOpenIdConnectIssuer\`Required \`\`\`go func ClusterOpenIdConnectIssuer() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterOpenIdConnectIssuerUrl\`Required \`\`\`go func ClusterOpenIdConnectIssuerUrl() *string \`\`\` - *Type:* *string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`ClusterSecurityGroup\`Required \`\`\`go func ClusterSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`go func ClusterSecurityGroupId() *string \`\`\` - *Type:* *string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`Connections\`Required \`\`\`go func Connections() Connections \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`go func OpenIdConnectProvider() IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`Prune\`Required \`\`\`go func Prune() *bool \`\`\` - *Type:* *bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`Vpc\`Required \`\`\`go func Vpc() IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`DefaultCapacity\`Optional \`\`\`go func DefaultCapacity() AutoScalingGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`DefaultNodegroup\`Optional \`\`\`go func DefaultNodegroup() Nodegroup \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`KubectlEnvironment\`Optional \`\`\`go func KubectlEnvironment() *map[string]*string \`\`\` - *Type:* *map[string]*string Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go func KubectlLayer() ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`go func KubectlMemory() Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`go func KubectlPrivateSubnets() *[]ISubnet \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`KubectlRole\`Optional \`\`\`go func KubectlRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`go func KubectlSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* github.com/aws/aws-cdk-go/awscdk.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewFargateProfile(scope Construct, id *string, props FargateProfileProps) FargateProfile \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | FargateProfileProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* FargateProfileProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.FargateProfile_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | FargateProfileArn | *string | The full Amazon Resource Name (ARN) of the Fargate profile. | | FargateProfileName | *string | The name of the Fargate profile. | | PodExecutionRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | Tags | github.com/aws/aws-cdk-go/awscdk.TagManager | Resource tags. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`FargateProfileArn\`Required \`\`\`go func FargateProfileArn() *string \`\`\` - *Type:* *string The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`FargateProfileName\`Required \`\`\`go func FargateProfileName() *string \`\`\` - *Type:* *string The name of the Fargate profile. --- ##### \`PodExecutionRole\`Required \`\`\`go func PodExecutionRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`Tags\`Required \`\`\`go func Tags() TagManager \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewHelmChart(scope Construct, id *string, props HelmChartProps) HelmChart \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | HelmChartProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* HelmChartProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.HelmChart_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | *string | The CloudFormation resource type. | --- ##### \`ResourceType\`Required \`\`\`go func ResourceType() *string \`\`\` - *Type:* *string The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewKubernetesManifest(scope Construct, id *string, props KubernetesManifestProps) KubernetesManifest \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | KubernetesManifestProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* KubernetesManifestProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.KubernetesManifest_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | *string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`go func ResourceType() *string \`\`\` - *Type:* *string The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewKubernetesObjectValue(scope Construct, id *string, props KubernetesObjectValueProps) KubernetesObjectValue \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | KubernetesObjectValueProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* KubernetesObjectValueProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.KubernetesObjectValue_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | Value | *string | The value as a string token. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`Value\`Required \`\`\`go func Value() *string \`\`\` - *Type:* *string The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourceType | *string | The CloudFormation reosurce type. | --- ##### \`ResourceType\`Required \`\`\`go func ResourceType() *string \`\`\` - *Type:* *string The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewKubernetesPatch(scope Construct, id *string, props KubernetesPatchProps) KubernetesPatch \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | KubernetesPatchProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* KubernetesPatchProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.KubernetesPatch_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewNodegroup(scope Construct, id *string, props NodegroupProps) Nodegroup \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | NodegroupProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* NodegroupProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromNodegroupName | Import the Nodegroup from attributes. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.Nodegroup_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.Nodegroup_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.IConstruct --- ##### \`FromNodegroupName\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.Nodegroup_FromNodegroupName(scope Construct, id *string, nodegroupName *string) INodegroup \`\`\` Import the Nodegroup from attributes. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ###### \`id\`Required - *Type:* *string --- ###### \`nodegroupName\`Required - *Type:* *string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | Env | github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this resource is defined. | | Cluster | ICluster | the Amazon EKS cluster resource. | | NodegroupArn | *string | ARN of the nodegroup. | | NodegroupName | *string | Nodegroup name. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this resource is defined. --- ##### \`Cluster\`Required \`\`\`go func Cluster() ICluster \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`NodegroupArn\`Required \`\`\`go func NodegroupArn() *string \`\`\` - *Type:* *string ARN of the nodegroup. --- ##### \`NodegroupName\`Required \`\`\`go func NodegroupName() *string \`\`\` - *Type:* *string Nodegroup name. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewOpenIdConnectProvider(scope Construct, id *string, props OpenIdConnectProviderProps) OpenIdConnectProvider \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | The definition scope. | | id | *string | Construct ID. | | props | OpenIdConnectProviderProps | Initialization properties. | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct The definition scope. --- ##### \`id\`Required - *Type:* *string Construct ID. --- ##### \`props\`Required - *Type:* OpenIdConnectProviderProps Initialization properties. --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | ApplyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### \`ApplyRemovalPolicy\` \`\`\`go func ApplyRemovalPolicy(policy RemovalPolicy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | | IsResource | Check whether the given construct is a Resource. | | FromOpenIdConnectProviderArn | Imports an Open ID connect provider from an ARN. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.OpenIdConnectProvider_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- ##### \`IsResource\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.OpenIdConnectProvider_IsResource(construct IConstruct) *bool \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.IConstruct --- ##### \`FromOpenIdConnectProviderArn\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.OpenIdConnectProvider_FromOpenIdConnectProviderArn(scope Construct, id *string, openIdConnectProviderArn *string) IOpenIdConnectProvider \`\`\` Imports an Open ID connect provider from an ARN. ###### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct The definition scope. --- ###### \`id\`Required - *Type:* *string ID of the construct. --- ###### \`openIdConnectProviderArn\`Required - *Type:* *string the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | Env | github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this resource is defined. | | OpenIdConnectProviderArn | *string | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | OpenIdConnectProviderIssuer | *string | The issuer for OIDC Provider. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this resource is defined. --- ##### \`OpenIdConnectProviderArn\`Required \`\`\`go func OpenIdConnectProviderArn() *string \`\`\` - *Type:* *string The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`OpenIdConnectProviderIssuer\`Required \`\`\`go func OpenIdConnectProviderIssuer() *string \`\`\` - *Type:* *string The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IPrincipal Service Account. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewServiceAccount(scope Construct, id *string, props ServiceAccountProps) ServiceAccount \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | github.com/aws/constructs-go/constructs/v10.Construct | *No description.* | | id | *string | *No description.* | | props | ServiceAccountProps | *No description.* | --- ##### \`scope\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct --- ##### \`id\`Required - *Type:* *string --- ##### \`props\`Required - *Type:* ServiceAccountProps --- #### Methods | **Name** | **Description** | | --- | --- | | ToString | Returns a string representation of this construct. | | AddToPolicy | Add to the policy of this principal. | | AddToPrincipalPolicy | Add to the policy of this principal. | --- ##### \`ToString\` \`\`\`go func ToString() *string \`\`\` Returns a string representation of this construct. ##### ~~\`AddToPolicy\`~~ \`\`\`go func AddToPolicy(statement PolicyStatement) *bool \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.PolicyStatement --- ##### \`AddToPrincipalPolicy\` \`\`\`go func AddToPrincipalPolicy(statement PolicyStatement) AddToPrincipalPolicyResult \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | IsConstruct | Return whether the given object is a Construct. | --- ##### \`IsConstruct\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.ServiceAccount_IsConstruct(x interface{}) *bool \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* interface{} --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node associated with this construct. | | AssumeRoleAction | *string | When this Principal is used in an AssumeRole policy, the action to use. | | GrantPrincipal | github.com/aws/aws-cdk-go/awscdk.aws_iam.IPrincipal | The principal to grant permissions to. | | PolicyFragment | github.com/aws/aws-cdk-go/awscdk.aws_iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | The role which is linked to the service account. | | ServiceAccountName | *string | The name of the service account. | | ServiceAccountNamespace | *string | The namespace where the service account is located in. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node associated with this construct. --- ##### \`AssumeRoleAction\`Required \`\`\`go func AssumeRoleAction() *string \`\`\` - *Type:* *string When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`GrantPrincipal\`Required \`\`\`go func GrantPrincipal() IPrincipal \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IPrincipal The principal to grant permissions to. --- ##### \`PolicyFragment\`Required \`\`\`go func PolicyFragment() PrincipalPolicyFragment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`Role\`Required \`\`\`go func Role() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole The role which is linked to the service account. --- ##### \`ServiceAccountName\`Required \`\`\`go func ServiceAccountName() *string \`\`\` - *Type:* *string The name of the service account. --- ##### \`ServiceAccountNamespace\`Required \`\`\`go func ServiceAccountNamespace() *string \`\`\` - *Type:* *string The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.AutoScalingGroupCapacityOptions { AllowAllOutbound: *bool, AssociatePublicIpAddress: *bool, AutoScalingGroupName: *string, BlockDevices: *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.BlockDevice, Cooldown: github.com/aws/aws-cdk-go/awscdk.Duration, DesiredCapacity: *f64, GroupMetrics: *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.GroupMetrics, HealthCheck: github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.HealthCheck, IgnoreUnmodifiedSizeProperties: *bool, InstanceMonitoring: github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.Monitoring, KeyName: *string, MaxCapacity: *f64, MaxInstanceLifetime: github.com/aws/aws-cdk-go/awscdk.Duration, MinCapacity: *f64, NewInstancesProtectedFromScaleIn: *bool, Notifications: *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.NotificationConfiguration, NotificationsTopic: github.com/aws/aws-cdk-go/awscdk.aws_sns.ITopic, ReplacingUpdateMinSuccessfulInstancesPercent: *f64, ResourceSignalCount: *f64, ResourceSignalTimeout: github.com/aws/aws-cdk-go/awscdk.Duration, RollingUpdateConfiguration: github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.RollingUpdateConfiguration, Signals: github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.Signals, SpotPrice: *string, UpdatePolicy: github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.UpdatePolicy, UpdateType: github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.UpdateType, VpcSubnets: github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, InstanceType: github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType, BootstrapEnabled: *bool, BootstrapOptions: github.com/aws/aws-cdk-go/awscdk.aws_eks.BootstrapOptions, MachineImageType: github.com/aws/aws-cdk-go/awscdk.aws_eks.MachineImageType, MapRole: *bool, SpotInterruptHandler: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AllowAllOutbound | *bool | Whether the instances can initiate connections to anywhere by default. | | AssociatePublicIpAddress | *bool | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | AutoScalingGroupName | *string | The name of the Auto Scaling group. | | BlockDevices | *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.BlockDevice | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | Cooldown | github.com/aws/aws-cdk-go/awscdk.Duration | Default scaling cooldown for this AutoScalingGroup. | | DesiredCapacity | *f64 | Initial amount of instances in the fleet. | | GroupMetrics | *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.GroupMetrics | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | HealthCheck | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.HealthCheck | Configuration for health checks. | | IgnoreUnmodifiedSizeProperties | *bool | If the ASG has scheduled actions, don't reset unchanged group sizes. | | InstanceMonitoring | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | KeyName | *string | Name of SSH keypair to grant access to instances. | | MaxCapacity | *f64 | Maximum number of instances in the fleet. | | MaxInstanceLifetime | github.com/aws/aws-cdk-go/awscdk.Duration | The maximum amount of time that an instance can be in service. | | MinCapacity | *f64 | Minimum number of instances in the fleet. | | NewInstancesProtectedFromScaleIn | *bool | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | Notifications | *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.NotificationConfiguration | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | NotificationsTopic | github.com/aws/aws-cdk-go/awscdk.aws_sns.ITopic | SNS topic to send notifications about fleet changes. | | ReplacingUpdateMinSuccessfulInstancesPercent | *f64 | Configuration for replacing updates. | | ResourceSignalCount | *f64 | How many ResourceSignal calls CloudFormation expects before the resource is considered created. | | ResourceSignalTimeout | github.com/aws/aws-cdk-go/awscdk.Duration | The length of time to wait for the resourceSignalCount. | | RollingUpdateConfiguration | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.RollingUpdateConfiguration | Configuration for rolling updates. | | Signals | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.Signals | Configure waiting for signals during deployment. | | SpotPrice | *string | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | UpdatePolicy | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | UpdateType | github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.UpdateType | What to do when an AutoScalingGroup's instance configuration is changed. | | VpcSubnets | github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | Where to place instances within the VPC. | | InstanceType | github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType | Instance type of the instances to start. | | BootstrapEnabled | *bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | EKS node bootstrapping options. | | MachineImageType | MachineImageType | Machine image type. | | MapRole | *bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | *bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`AllowAllOutbound\`Optional \`\`\`go AllowAllOutbound *bool \`\`\` - *Type:* *bool - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`AssociatePublicIpAddress\`Optional \`\`\`go AssociatePublicIpAddress *bool \`\`\` - *Type:* *bool - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`AutoScalingGroupName\`Optional \`\`\`go AutoScalingGroupName *string \`\`\` - *Type:* *string - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`BlockDevices\`Optional \`\`\`go BlockDevices *[]BlockDevice \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.BlockDevice - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`Cooldown\`Optional \`\`\`go Cooldown Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`DesiredCapacity\`Optional \`\`\`go DesiredCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`GroupMetrics\`Optional \`\`\`go GroupMetrics *[]GroupMetrics \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.GroupMetrics - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`HealthCheck\`Optional \`\`\`go HealthCheck HealthCheck \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`IgnoreUnmodifiedSizeProperties\`Optional \`\`\`go IgnoreUnmodifiedSizeProperties *bool \`\`\` - *Type:* *bool - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`InstanceMonitoring\`Optional \`\`\`go InstanceMonitoring Monitoring \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`KeyName\`Optional \`\`\`go KeyName *string \`\`\` - *Type:* *string - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`MaxCapacity\`Optional \`\`\`go MaxCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`MaxInstanceLifetime\`Optional \`\`\`go MaxInstanceLifetime Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`MinCapacity\`Optional \`\`\`go MinCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`NewInstancesProtectedFromScaleIn\`Optional \`\`\`go NewInstancesProtectedFromScaleIn *bool \`\`\` - *Type:* *bool - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`Notifications\`Optional \`\`\`go Notifications *[]NotificationConfiguration \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.NotificationConfiguration - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### ~~\`NotificationsTopic\`~~Optional - *Deprecated:* use \`notifications\` \`\`\`go NotificationsTopic ITopic \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_sns.ITopic - *Default:* No fleet change notifications will be sent. SNS topic to send notifications about fleet changes. --- ##### ~~\`ReplacingUpdateMinSuccessfulInstancesPercent\`~~Optional - *Deprecated:* Use \`signals\` instead \`\`\`go ReplacingUpdateMinSuccessfulInstancesPercent *f64 \`\`\` - *Type:* *f64 - *Default:* minSuccessfulInstancesPercent Configuration for replacing updates. Only used if updateType == UpdateType.ReplacingUpdate. Specifies how many instances must signal success for the update to succeed. --- ##### ~~\`ResourceSignalCount\`~~Optional - *Deprecated:* Use \`signals\` instead. \`\`\`go ResourceSignalCount *f64 \`\`\` - *Type:* *f64 - *Default:* 1 if resourceSignalTimeout is set, 0 otherwise How many ResourceSignal calls CloudFormation expects before the resource is considered created. --- ##### ~~\`ResourceSignalTimeout\`~~Optional - *Deprecated:* Use \`signals\` instead. \`\`\`go ResourceSignalTimeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Duration - *Default:* Duration.minutes(5) if resourceSignalCount is set, N/A otherwise The length of time to wait for the resourceSignalCount. The maximum value is 43200 (12 hours). --- ##### ~~\`RollingUpdateConfiguration\`~~Optional - *Deprecated:* Use \`updatePolicy\` instead \`\`\`go RollingUpdateConfiguration RollingUpdateConfiguration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.RollingUpdateConfiguration - *Default:* RollingUpdateConfiguration with defaults. Configuration for rolling updates. Only used if updateType == UpdateType.RollingUpdate. --- ##### \`Signals\`Optional \`\`\`go Signals Signals \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`SpotPrice\`Optional \`\`\`go SpotPrice *string \`\`\` - *Type:* *string - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`UpdatePolicy\`Optional \`\`\`go UpdatePolicy UpdatePolicy \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### ~~\`UpdateType\`~~Optional - *Deprecated:* Use \`updatePolicy\` instead \`\`\`go UpdateType UpdateType \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_autoscaling.UpdateType - *Default:* UpdateType.None What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`InstanceType\`Required \`\`\`go InstanceType InstanceType \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType Instance type of the instances to start. --- ##### \`BootstrapEnabled\`Optional \`\`\`go BootstrapEnabled *bool \`\`\` - *Type:* *bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`go BootstrapOptions BootstrapOptions \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`MachineImageType\`Optional \`\`\`go MachineImageType MachineImageType \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`MapRole\`Optional \`\`\`go MapRole *bool \`\`\` - *Type:* *bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`go SpotInterruptHandler *bool \`\`\` - *Type:* *bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.AutoScalingGroupOptions { BootstrapEnabled: *bool, BootstrapOptions: github.com/aws/aws-cdk-go/awscdk.aws_eks.BootstrapOptions, MachineImageType: github.com/aws/aws-cdk-go/awscdk.aws_eks.MachineImageType, MapRole: *bool, SpotInterruptHandler: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | BootstrapEnabled | *bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | BootstrapOptions | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | MachineImageType | MachineImageType | Allow options to specify different machine image type. | | MapRole | *bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | SpotInterruptHandler | *bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`BootstrapEnabled\`Optional \`\`\`go BootstrapEnabled *bool \`\`\` - *Type:* *bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`BootstrapOptions\`Optional \`\`\`go BootstrapOptions BootstrapOptions \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`MachineImageType\`Optional \`\`\`go MachineImageType MachineImageType \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`MapRole\`Optional \`\`\`go MapRole *bool \`\`\` - *Type:* *bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`SpotInterruptHandler\`Optional \`\`\`go SpotInterruptHandler *bool \`\`\` - *Type:* *bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.AwsAuthMapping { Groups: *[]*string, Username: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Groups | *[]*string | A list of groups within Kubernetes to which the role is mapped. | | Username | *string | The user name within Kubernetes to map to the IAM role. | --- ##### \`Groups\`Required \`\`\`go Groups *[]*string \`\`\` - *Type:* *[]*string A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`Username\`Optional \`\`\`go Username *string \`\`\` - *Type:* *string - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.AwsAuthProps { Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.Cluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`Cluster\`Required \`\`\`go Cluster Cluster \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.BootstrapOptions { AdditionalArgs: *string, AwsApiRetryAttempts: *f64, DnsClusterIp: *string, DockerConfigJson: *string, EnableDockerBridge: *bool, KubeletExtraArgs: *string, UseMaxPods: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AdditionalArgs | *string | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | AwsApiRetryAttempts | *f64 | Number of retry attempts for AWS API call (DescribeCluster). | | DnsClusterIp | *string | Overrides the IP address to use for DNS queries within the cluster. | | DockerConfigJson | *string | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | EnableDockerBridge | *bool | Restores the docker default bridge network. | | KubeletExtraArgs | *string | Extra arguments to add to the kubelet. | | UseMaxPods | *bool | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`AdditionalArgs\`Optional \`\`\`go AdditionalArgs *string \`\`\` - *Type:* *string - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`AwsApiRetryAttempts\`Optional \`\`\`go AwsApiRetryAttempts *f64 \`\`\` - *Type:* *f64 - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`DnsClusterIp\`Optional \`\`\`go DnsClusterIp *string \`\`\` - *Type:* *string - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`DockerConfigJson\`Optional \`\`\`go DockerConfigJson *string \`\`\` - *Type:* *string - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`EnableDockerBridge\`Optional \`\`\`go EnableDockerBridge *bool \`\`\` - *Type:* *bool - *Default:* false Restores the docker default bridge network. --- ##### \`KubeletExtraArgs\`Optional \`\`\`go KubeletExtraArgs *string \`\`\` - *Type:* *string - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`go // Example automatically generated from non-compiling source. May contain errors. --node - labelsfoo = bar , goo = far \`\`\` ##### \`UseMaxPods\`Optional \`\`\`go UseMaxPods *bool \`\`\` - *Type:* *bool - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.CfnAddonProps { AddonName: *string, ClusterName: *string, AddonVersion: *string, ResolveConflicts: *string, ServiceAccountRoleArn: *string, Tags: *[]github.com/aws/aws-cdk-go/awscdk.CfnTag, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AddonName | *string | \`AWS::EKS::Addon.AddonName\`. | | ClusterName | *string | \`AWS::EKS::Addon.ClusterName\`. | | AddonVersion | *string | \`AWS::EKS::Addon.AddonVersion\`. | | ResolveConflicts | *string | \`AWS::EKS::Addon.ResolveConflicts\`. | | ServiceAccountRoleArn | *string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | Tags | *[]github.com/aws/aws-cdk-go/awscdk.CfnTag | \`AWS::EKS::Addon.Tags\`. | --- ##### \`AddonName\`Required \`\`\`go AddonName *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`AddonVersion\`Optional \`\`\`go AddonVersion *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`ResolveConflicts\`Optional \`\`\`go ResolveConflicts *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`ServiceAccountRoleArn\`Optional \`\`\`go ServiceAccountRoleArn *string \`\`\` - *Type:* *string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`Tags\`Optional \`\`\`go Tags *[]CfnTag \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.CfnTag \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.CfnClusterProps { ResourcesVpcConfig: interface{}, RoleArn: *string, EncryptionConfig: interface{}, KubernetesNetworkConfig: interface{}, Name: *string, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ResourcesVpcConfig | interface{} | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | RoleArn | *string | \`AWS::EKS::Cluster.RoleArn\`. | | EncryptionConfig | interface{} | \`AWS::EKS::Cluster.EncryptionConfig\`. | | KubernetesNetworkConfig | interface{} | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | Name | *string | \`AWS::EKS::Cluster.Name\`. | | Version | *string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`ResourcesVpcConfig\`Required \`\`\`go ResourcesVpcConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`RoleArn\`Required \`\`\`go RoleArn *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`EncryptionConfig\`Optional \`\`\`go EncryptionConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`KubernetesNetworkConfig\`Optional \`\`\`go KubernetesNetworkConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.CfnFargateProfileProps { ClusterName: *string, PodExecutionRoleArn: *string, Selectors: interface{}, FargateProfileName: *string, Subnets: *[]*string, Tags: *[]github.com/aws/aws-cdk-go/awscdk.CfnTag, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | *string | \`AWS::EKS::FargateProfile.ClusterName\`. | | PodExecutionRoleArn | *string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | Selectors | interface{} | \`AWS::EKS::FargateProfile.Selectors\`. | | FargateProfileName | *string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | Subnets | *[]*string | \`AWS::EKS::FargateProfile.Subnets\`. | | Tags | *[]github.com/aws/aws-cdk-go/awscdk.CfnTag | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`PodExecutionRoleArn\`Required \`\`\`go PodExecutionRoleArn *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`Selectors\`Required \`\`\`go Selectors interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`FargateProfileName\`Optional \`\`\`go FargateProfileName *string \`\`\` - *Type:* *string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`Subnets\`Optional \`\`\`go Subnets *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`Tags\`Optional \`\`\`go Tags *[]CfnTag \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.CfnTag \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.CfnNodegroupProps { ClusterName: *string, NodeRole: *string, Subnets: *[]*string, AmiType: *string, CapacityType: *string, DiskSize: *f64, ForceUpdateEnabled: interface{}, InstanceTypes: *[]*string, Labels: interface{}, LaunchTemplate: interface{}, NodegroupName: *string, ReleaseVersion: *string, RemoteAccess: interface{}, ScalingConfig: interface{}, Tags: interface{}, Taints: interface{}, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | *string | \`AWS::EKS::Nodegroup.ClusterName\`. | | NodeRole | *string | \`AWS::EKS::Nodegroup.NodeRole\`. | | Subnets | *[]*string | \`AWS::EKS::Nodegroup.Subnets\`. | | AmiType | *string | \`AWS::EKS::Nodegroup.AmiType\`. | | CapacityType | *string | \`AWS::EKS::Nodegroup.CapacityType\`. | | DiskSize | *f64 | \`AWS::EKS::Nodegroup.DiskSize\`. | | ForceUpdateEnabled | interface{} | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | InstanceTypes | *[]*string | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | Labels | interface{} | \`AWS::EKS::Nodegroup.Labels\`. | | LaunchTemplate | interface{} | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | NodegroupName | *string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | ReleaseVersion | *string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | RemoteAccess | interface{} | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | ScalingConfig | interface{} | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | Tags | interface{} | \`AWS::EKS::Nodegroup.Tags\`. | | Taints | interface{} | \`AWS::EKS::Nodegroup.Taints\`. | | Version | *string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`NodeRole\`Required \`\`\`go NodeRole *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`Subnets\`Required \`\`\`go Subnets *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`AmiType\`Optional \`\`\`go AmiType *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`CapacityType\`Optional \`\`\`go CapacityType *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`DiskSize\`Optional \`\`\`go DiskSize *f64 \`\`\` - *Type:* *f64 \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`ForceUpdateEnabled\`Optional \`\`\`go ForceUpdateEnabled interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`InstanceTypes\`Optional \`\`\`go InstanceTypes *[]*string \`\`\` - *Type:* *[]*string \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`go Labels interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`LaunchTemplate\`Optional \`\`\`go LaunchTemplate interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`NodegroupName\`Optional \`\`\`go NodegroupName *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`ReleaseVersion\`Optional \`\`\`go ReleaseVersion *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`RemoteAccess\`Optional \`\`\`go RemoteAccess interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`ScalingConfig\`Optional \`\`\`go ScalingConfig interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`Tags\`Optional \`\`\`go Tags interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`Taints\`Optional \`\`\`go Taints interface{} \`\`\` - *Type:* interface{} \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ClusterAttributes { ClusterName: *string, ClusterCertificateAuthorityData: *string, ClusterEncryptionConfigKeyArn: *string, ClusterEndpoint: *string, ClusterSecurityGroupId: *string, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk.Size, KubectlPrivateSubnetIds: *[]*string, KubectlRoleArn: *string, KubectlSecurityGroupId: *string, OpenIdConnectProvider: github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider, Prune: *bool, SecurityGroupIds: *[]*string, Vpc: github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ClusterName | *string | The physical name of the Cluster. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The API Server endpoint URL. | | ClusterSecurityGroupId | *string | The cluster security group that was created by Amazon EKS for the cluster. | | KubectlEnvironment | *map[string]*string | Environment variables to use when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnetIds | *[]*string | Subnets to host the \`kubectl\` compute resources. | | KubectlRoleArn | *string | An IAM role with cluster administrator and "system:masters" permissions. | | KubectlSecurityGroupId | *string | A security group to use for \`kubectl\` execution. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecurityGroupIds | *[]*string | Additional security groups associated with this cluster. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`ClusterName\`Required \`\`\`go ClusterName *string \`\`\` - *Type:* *string The physical name of the Cluster. --- ##### \`ClusterCertificateAuthorityData\`Optional \`\`\`go ClusterCertificateAuthorityData *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Optional \`\`\`go ClusterEncryptionConfigKeyArn *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Optional \`\`\`go ClusterEndpoint *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`ClusterSecurityGroupId\`Optional \`\`\`go ClusterSecurityGroupId *string \`\`\` - *Type:* *string - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnetIds\`Optional \`\`\`go KubectlPrivateSubnetIds *[]*string \`\`\` - *Type:* *[]*string - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRoleArn\`Optional \`\`\`go KubectlRoleArn *string \`\`\` - *Type:* *string - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`KubectlSecurityGroupId\`Optional \`\`\`go KubectlSecurityGroupId *string \`\`\` - *Type:* *string - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`OpenIdConnectProvider\`Optional \`\`\`go OpenIdConnectProvider IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecurityGroupIds\`Optional \`\`\`go SecurityGroupIds *[]*string \`\`\` - *Type:* *[]*string - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ClusterOptions { Version: github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, ClusterHandlerEnvironment: *map[string]*string, CoreDnsComputeType: github.com/aws/aws-cdk-go/awscdk.aws_eks.CoreDnsComputeType, EndpointAccess: github.com/aws/aws-cdk-go/awscdk.aws_eks.EndpointAccess, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk.Size, MastersRole: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, OutputMastersRoleArn: *bool, PlaceClusterHandlerInVpc: *bool, Prune: *bool, SecretsEncryptionKey: github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | *map[string]*string | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | *map[string]*string | Environment variables for the kubectl execution. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | *bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | *bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`go ClusterHandlerEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`go CoreDnsComputeType CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`go EndpointAccess EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. layer := lambda.NewLayerVersion(this, jsii.String("kubectl-layer"), map[string]interface{}{ "code": lambda.Code_fromAsset(fmt.Sprintf("%v/layer.zip", __dirname)), })var compatibleRuntimes [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`go MastersRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`go OutputMastersRoleArn *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`go PlaceClusterHandlerInVpc *bool \`\`\` - *Type:* *bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`go SecretsEncryptionKey IKey \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ClusterProps { Version: github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, ClusterHandlerEnvironment: *map[string]*string, CoreDnsComputeType: github.com/aws/aws-cdk-go/awscdk.aws_eks.CoreDnsComputeType, EndpointAccess: github.com/aws/aws-cdk-go/awscdk.aws_eks.EndpointAccess, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk.Size, MastersRole: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, OutputMastersRoleArn: *bool, PlaceClusterHandlerInVpc: *bool, Prune: *bool, SecretsEncryptionKey: github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey, DefaultCapacity: *f64, DefaultCapacityInstance: github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType, DefaultCapacityType: github.com/aws/aws-cdk-go/awscdk.aws_eks.DefaultCapacityType, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | *map[string]*string | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | *map[string]*string | Environment variables for the kubectl execution. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | *bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | *bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultCapacity | *f64 | Number of instances to allocate as an initial capacity for this cluster. | | DefaultCapacityInstance | github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType | The instance type to use for the default capacity. | | DefaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`go ClusterHandlerEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`go CoreDnsComputeType CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`go EndpointAccess EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. layer := lambda.NewLayerVersion(this, jsii.String("kubectl-layer"), map[string]interface{}{ "code": lambda.Code_fromAsset(fmt.Sprintf("%v/layer.zip", __dirname)), })var compatibleRuntimes [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`go MastersRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`go OutputMastersRoleArn *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`go PlaceClusterHandlerInVpc *bool \`\`\` - *Type:* *bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`go SecretsEncryptionKey IKey \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultCapacity\`Optional \`\`\`go DefaultCapacity *f64 \`\`\` - *Type:* *f64 - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`DefaultCapacityInstance\`Optional \`\`\`go DefaultCapacityInstance InstanceType \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`DefaultCapacityType\`Optional \`\`\`go DefaultCapacityType DefaultCapacityType \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.CommonClusterOptions { Version: github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.EksOptimizedImageProps { CpuArch: github.com/aws/aws-cdk-go/awscdk.aws_eks.CpuArch, KubernetesVersion: *string, NodeType: github.com/aws/aws-cdk-go/awscdk.aws_eks.NodeType, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | CpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | KubernetesVersion | *string | The Kubernetes version to use. | | NodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`CpuArch\`Optional \`\`\`go CpuArch CpuArch \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`KubernetesVersion\`Optional \`\`\`go KubernetesVersion *string \`\`\` - *Type:* *string - *Default:* The latest version The Kubernetes version to use. --- ##### \`NodeType\`Optional \`\`\`go NodeType NodeType \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.EncryptionConfigProperty { Provider: interface{}, Resources: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Provider | interface{} | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | Resources | *[]*string | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`Provider\`Optional \`\`\`go Provider interface{} \`\`\` - *Type:* interface{} \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`Resources\`Optional \`\`\`go Resources *[]*string \`\`\` - *Type:* *[]*string \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.FargateClusterProps { Version: github.com/aws/aws-cdk-go/awscdk.aws_eks.KubernetesVersion, ClusterName: *string, OutputClusterName: *bool, OutputConfigCommand: *bool, Role: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, SecurityGroup: github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup, Vpc: github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, VpcSubnets: *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, ClusterHandlerEnvironment: *map[string]*string, CoreDnsComputeType: github.com/aws/aws-cdk-go/awscdk.aws_eks.CoreDnsComputeType, EndpointAccess: github.com/aws/aws-cdk-go/awscdk.aws_eks.EndpointAccess, KubectlEnvironment: *map[string]*string, KubectlLayer: github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion, KubectlMemory: github.com/aws/aws-cdk-go/awscdk.Size, MastersRole: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, OutputMastersRoleArn: *bool, PlaceClusterHandlerInVpc: *bool, Prune: *bool, SecretsEncryptionKey: github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey, DefaultProfile: github.com/aws/aws-cdk-go/awscdk.aws_eks.FargateProfileOptions, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | KubernetesVersion | The Kubernetes version to run in the cluster. | | ClusterName | *string | Name for the cluster. | | OutputClusterName | *bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | OutputConfigCommand | *bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | Role | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | SecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | VpcSubnets | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | Where to place EKS Control Plane ENIs. | | ClusterHandlerEnvironment | *map[string]*string | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | CoreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | EndpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | KubectlEnvironment | *map[string]*string | Environment variables for the kubectl execution. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | MastersRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | OutputMastersRoleArn | *bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | PlaceClusterHandlerInVpc | *bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | Prune | *bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | SecretsEncryptionKey | github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | DefaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`Version\`Required \`\`\`go Version KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`ClusterName\`Optional \`\`\`go ClusterName *string \`\`\` - *Type:* *string - *Default:* Automatically generated name Name for the cluster. --- ##### \`OutputClusterName\`Optional \`\`\`go OutputClusterName *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`OutputConfigCommand\`Optional \`\`\`go OutputConfigCommand *bool \`\`\` - *Type:* *bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`Role\`Optional \`\`\`go Role IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`SecurityGroup\`Optional \`\`\`go SecurityGroup ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`VpcSubnets\`Optional \`\`\`go VpcSubnets *[]SubnetSelection \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`ClusterHandlerEnvironment\`Optional \`\`\`go ClusterHandlerEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`CoreDnsComputeType\`Optional \`\`\`go CoreDnsComputeType CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`EndpointAccess\`Optional \`\`\`go EndpointAccess EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`KubectlEnvironment\`Optional \`\`\`go KubectlEnvironment *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`KubectlLayer\`Optional \`\`\`go KubectlLayer ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`go // Example automatically generated from non-compiling source. May contain errors. layer := lambda.NewLayerVersion(this, jsii.String("kubectl-layer"), map[string]interface{}{ "code": lambda.Code_fromAsset(fmt.Sprintf("%v/layer.zip", __dirname)), })var compatibleRuntimes [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`KubectlMemory\`Optional \`\`\`go KubectlMemory Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`MastersRole\`Optional \`\`\`go MastersRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`OutputMastersRoleArn\`Optional \`\`\`go OutputMastersRoleArn *bool \`\`\` - *Type:* *bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`PlaceClusterHandlerInVpc\`Optional \`\`\`go PlaceClusterHandlerInVpc *bool \`\`\` - *Type:* *bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`SecretsEncryptionKey\`Optional \`\`\`go SecretsEncryptionKey IKey \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`DefaultProfile\`Optional \`\`\`go DefaultProfile FargateProfileOptions \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.FargateProfileOptions { Selectors: *[]github.com/aws/aws-cdk-go/awscdk.aws_eks.Selector, FargateProfileName: *string, PodExecutionRole: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, SubnetSelection: github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, Vpc: github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | *[]Selector | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | *string | The name of the Fargate profile. | | PodExecutionRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`Selectors\`Required \`\`\`go Selectors *[]Selector \`\`\` - *Type:* *[]Selector The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`go FargateProfileName *string \`\`\` - *Type:* *string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`go PodExecutionRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`go SubnetSelection SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.FargateProfileProps { Selectors: *[]github.com/aws/aws-cdk-go/awscdk.aws_eks.Selector, FargateProfileName: *string, PodExecutionRole: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, SubnetSelection: github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, Vpc: github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc, Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.Cluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Selectors | *[]Selector | The selectors to match for pods to use this Fargate profile. | | FargateProfileName | *string | The name of the Fargate profile. | | PodExecutionRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | SubnetSelection | github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | Cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`Selectors\`Required \`\`\`go Selectors *[]Selector \`\`\` - *Type:* *[]Selector The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`FargateProfileName\`Optional \`\`\`go FargateProfileName *string \`\`\` - *Type:* *string - *Default:* generated The name of the Fargate profile. --- ##### \`PodExecutionRole\`Optional \`\`\`go PodExecutionRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`SubnetSelection\`Optional \`\`\`go SubnetSelection SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`Vpc\`Optional \`\`\`go Vpc IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`Cluster\`Required \`\`\`go Cluster Cluster \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.HelmChartOptions { Chart: *string, CreateNamespace: *bool, Namespace: *string, Release: *string, Repository: *string, Timeout: github.com/aws/aws-cdk-go/awscdk.Duration, Values: *map[string]interface{}, Version: *string, Wait: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | *string | The name of the chart. | | CreateNamespace | *bool | create namespace if not exist. | | Namespace | *string | The Kubernetes namespace scope of the requests. | | Release | *string | The name of the release. | | Repository | *string | The repository which contains the chart. | | Timeout | github.com/aws/aws-cdk-go/awscdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | *map[string]interface{} | The values to be used by the chart. | | Version | *string | The chart version to install. | | Wait | *bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`Chart\`Required \`\`\`go Chart *string \`\`\` - *Type:* *string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`go CreateNamespace *bool \`\`\` - *Type:* *bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`go Release *string \`\`\` - *Type:* *string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`go Repository *string \`\`\` - *Type:* *string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`go Values *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`go Wait *bool \`\`\` - *Type:* *bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.HelmChartProps { Chart: *string, CreateNamespace: *bool, Namespace: *string, Release: *string, Repository: *string, Timeout: github.com/aws/aws-cdk-go/awscdk.Duration, Values: *map[string]interface{}, Version: *string, Wait: *bool, Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Chart | *string | The name of the chart. | | CreateNamespace | *bool | create namespace if not exist. | | Namespace | *string | The Kubernetes namespace scope of the requests. | | Release | *string | The name of the release. | | Repository | *string | The repository which contains the chart. | | Timeout | github.com/aws/aws-cdk-go/awscdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | Values | *map[string]interface{} | The values to be used by the chart. | | Version | *string | The chart version to install. | | Wait | *bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | Cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`Chart\`Required \`\`\`go Chart *string \`\`\` - *Type:* *string The name of the chart. --- ##### \`CreateNamespace\`Optional \`\`\`go CreateNamespace *bool \`\`\` - *Type:* *bool - *Default:* true create namespace if not exist. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`Release\`Optional \`\`\`go Release *string \`\`\` - *Type:* *string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`Repository\`Optional \`\`\`go Repository *string \`\`\` - *Type:* *string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`Values\`Optional \`\`\`go Values *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`Wait\`Optional \`\`\`go Wait *bool \`\`\` - *Type:* *bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.KubernetesManifestOptions { Prune: *bool, SkipValidation: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | *bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | *bool | A flag to signify if the manifest validation should be skipped. | --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`go SkipValidation *bool \`\`\` - *Type:* *bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.KubernetesManifestProps { Prune: *bool, SkipValidation: *bool, Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, Manifest: *[]*map[string]interface{}, Overwrite: *bool, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Prune | *bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | SkipValidation | *bool | A flag to signify if the manifest validation should be skipped. | | Cluster | ICluster | The EKS cluster to apply this manifest to. | | Manifest | *[]*map[string]interface{} | The manifest to apply. | | Overwrite | *bool | Overwrite any existing resources. | --- ##### \`Prune\`Optional \`\`\`go Prune *bool \`\`\` - *Type:* *bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`SkipValidation\`Optional \`\`\`go SkipValidation *bool \`\`\` - *Type:* *bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`Manifest\`Required \`\`\`go Manifest *[]*map[string]interface{} \`\`\` - *Type:* *[]*map[string]interface{} The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`go []map[string]interface{}{ map[string]interface{}{ "apiVersion": jsii.String("v1"), "kind": jsii.String("Pod"), "metadata": map[string]*string{ "name": jsii.String("mypod"), }, "spec": map[string][]map[string]interface{}{ "containers": []map[string]interface{}{ map[string]interface{}{ "name": jsii.String("hello"), "image": jsii.String("paulbouwer/hello-kubernetes:1.5"), "ports": []map[string]*f64{ map[string]*f64{ "containerPort": jsii.Number(8080), }, }, }, }, }, }, } \`\`\` ##### \`Overwrite\`Optional \`\`\`go Overwrite *bool \`\`\` - *Type:* *bool - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.KubernetesNetworkConfigProperty { ServiceIpv4Cidr: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ServiceIpv4Cidr | *string | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`ServiceIpv4Cidr\`Optional \`\`\`go ServiceIpv4Cidr *string \`\`\` - *Type:* *string \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.KubernetesObjectValueProps { Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, JsonPath: *string, ObjectName: *string, ObjectType: *string, ObjectNamespace: *string, Timeout: github.com/aws/aws-cdk-go/awscdk.Duration, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Cluster | ICluster | The EKS cluster to fetch attributes from. | | JsonPath | *string | JSONPath to the specific value. | | ObjectName | *string | The name of the object to query. | | ObjectType | *string | The object type to query. | | ObjectNamespace | *string | The namespace the object belongs to. | | Timeout | github.com/aws/aws-cdk-go/awscdk.Duration | Timeout for waiting on a value. | --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`JsonPath\`Required \`\`\`go JsonPath *string \`\`\` - *Type:* *string JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`ObjectName\`Required \`\`\`go ObjectName *string \`\`\` - *Type:* *string The name of the object to query. --- ##### \`ObjectType\`Required \`\`\`go ObjectType *string \`\`\` - *Type:* *string The object type to query. (e.g 'service', 'pod'...) --- ##### \`ObjectNamespace\`Optional \`\`\`go ObjectNamespace *string \`\`\` - *Type:* *string - *Default:* 'default' The namespace the object belongs to. --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.KubernetesPatchProps { ApplyPatch: *map[string]interface{}, Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, ResourceName: *string, RestorePatch: *map[string]interface{}, PatchType: github.com/aws/aws-cdk-go/awscdk.aws_eks.PatchType, ResourceNamespace: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ApplyPatch | *map[string]interface{} | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | Cluster | ICluster | The cluster to apply the patch to. | | ResourceName | *string | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | RestorePatch | *map[string]interface{} | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | PatchType | PatchType | The patch type to pass to \`kubectl patch\`. | | ResourceNamespace | *string | The kubernetes API namespace. | --- ##### \`ApplyPatch\`Required \`\`\`go ApplyPatch *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`ResourceName\`Required \`\`\`go ResourceName *string \`\`\` - *Type:* *string The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`RestorePatch\`Required \`\`\`go RestorePatch *map[string]interface{} \`\`\` - *Type:* *map[string]interface{} The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`PatchType\`Optional \`\`\`go PatchType PatchType \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`ResourceNamespace\`Optional \`\`\`go ResourceNamespace *string \`\`\` - *Type:* *string - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.LabelProperty { Key: *string, Value: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Key | *string | \`CfnFargateProfile.LabelProperty.Key\`. | | Value | *string | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`Key\`Required \`\`\`go Key *string \`\`\` - *Type:* *string \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`Value\`Required \`\`\`go Value *string \`\`\` - *Type:* *string \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.LaunchTemplateSpec { Id: *string, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | *string | The Launch template ID. | | Version | *string | The launch template version to be used (optional). | --- ##### \`Id\`Required \`\`\`go Id *string \`\`\` - *Type:* *string The Launch template ID. --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.LaunchTemplateSpecificationProperty { Id: *string, Name: *string, Version: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Id | *string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | Name | *string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | Version | *string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`Id\`Optional \`\`\`go Id *string \`\`\` - *Type:* *string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`Version\`Optional \`\`\`go Version *string \`\`\` - *Type:* *string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.NodegroupOptions { AmiType: github.com/aws/aws-cdk-go/awscdk.aws_eks.NodegroupAmiType, CapacityType: github.com/aws/aws-cdk-go/awscdk.aws_eks.CapacityType, DesiredSize: *f64, DiskSize: *f64, ForceUpdate: *bool, InstanceType: github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType, InstanceTypes: *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType, Labels: *map[string]*string, LaunchTemplateSpec: github.com/aws/aws-cdk-go/awscdk.aws_eks.LaunchTemplateSpec, MaxSize: *f64, MinSize: *f64, NodegroupName: *string, NodeRole: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, ReleaseVersion: *string, RemoteAccess: github.com/aws/aws-cdk-go/awscdk.aws_eks.NodegroupRemoteAccess, Subnets: github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, Tags: *map[string]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | *f64 | The current number of worker nodes that the managed node group should maintain. | | DiskSize | *f64 | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | *bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceType | github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType | The instance type to use for your node group. | | InstanceTypes | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType | The instance types to use for your node group. | | Labels | *map[string]*string | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | *f64 | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | *f64 | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | *string | Name of the Nodegroup. | | NodeRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | *string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | *map[string]*string | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`AmiType\`Optional \`\`\`go AmiType NodegroupAmiType \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`go CapacityType CapacityType \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`go DesiredSize *f64 \`\`\` - *Type:* *f64 - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`go DiskSize *f64 \`\`\` - *Type:* *f64 - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`go ForceUpdate *bool \`\`\` - *Type:* *bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### ~~\`InstanceType\`~~Optional - *Deprecated:* Use \`instanceTypes\` instead. \`\`\`go InstanceType InstanceType \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType - *Default:* t3.medium The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is \`t3.medium\`. If you choose a GPU instance type, be sure to specify the \`AL2_x86_64_GPU\` with the amiType parameter. --- ##### \`InstanceTypes\`Optional \`\`\`go InstanceTypes *[]InstanceType \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`go Labels *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`go LaunchTemplateSpec LaunchTemplateSpec \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`go MaxSize *f64 \`\`\` - *Type:* *f64 - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`go MinSize *f64 \`\`\` - *Type:* *f64 - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`go NodegroupName *string \`\`\` - *Type:* *string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`go NodeRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`go ReleaseVersion *string \`\`\` - *Type:* *string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`go RemoteAccess NodegroupRemoteAccess \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`go Subnets SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`go Tags *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.NodegroupProps { AmiType: github.com/aws/aws-cdk-go/awscdk.aws_eks.NodegroupAmiType, CapacityType: github.com/aws/aws-cdk-go/awscdk.aws_eks.CapacityType, DesiredSize: *f64, DiskSize: *f64, ForceUpdate: *bool, InstanceType: github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType, InstanceTypes: *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType, Labels: *map[string]*string, LaunchTemplateSpec: github.com/aws/aws-cdk-go/awscdk.aws_eks.LaunchTemplateSpec, MaxSize: *f64, MinSize: *f64, NodegroupName: *string, NodeRole: github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole, ReleaseVersion: *string, RemoteAccess: github.com/aws/aws-cdk-go/awscdk.aws_eks.NodegroupRemoteAccess, Subnets: github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection, Tags: *map[string]*string, Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | AmiType | NodegroupAmiType | The AMI type for your node group. | | CapacityType | CapacityType | The capacity type of the nodegroup. | | DesiredSize | *f64 | The current number of worker nodes that the managed node group should maintain. | | DiskSize | *f64 | The root device disk size (in GiB) for your node group instances. | | ForceUpdate | *bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | InstanceType | github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType | The instance type to use for your node group. | | InstanceTypes | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType | The instance types to use for your node group. | | Labels | *map[string]*string | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | LaunchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | MaxSize | *f64 | The maximum number of worker nodes that the managed node group can scale out to. | | MinSize | *f64 | The minimum number of worker nodes that the managed node group can scale in to. | | NodegroupName | *string | Name of the Nodegroup. | | NodeRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | The IAM role to associate with your node group. | | ReleaseVersion | *string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | RemoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | Subnets | github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | Tags | *map[string]*string | The metadata to apply to the node group to assist with categorization and organization. | | Cluster | ICluster | Cluster resource. | --- ##### \`AmiType\`Optional \`\`\`go AmiType NodegroupAmiType \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`CapacityType\`Optional \`\`\`go CapacityType CapacityType \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`DesiredSize\`Optional \`\`\`go DesiredSize *f64 \`\`\` - *Type:* *f64 - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`DiskSize\`Optional \`\`\`go DiskSize *f64 \`\`\` - *Type:* *f64 - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`ForceUpdate\`Optional \`\`\`go ForceUpdate *bool \`\`\` - *Type:* *bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### ~~\`InstanceType\`~~Optional - *Deprecated:* Use \`instanceTypes\` instead. \`\`\`go InstanceType InstanceType \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType - *Default:* t3.medium The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is \`t3.medium\`. If you choose a GPU instance type, be sure to specify the \`AL2_x86_64_GPU\` with the amiType parameter. --- ##### \`InstanceTypes\`Optional \`\`\`go InstanceTypes *[]InstanceType \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.InstanceType - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`Labels\`Optional \`\`\`go Labels *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`LaunchTemplateSpec\`Optional \`\`\`go LaunchTemplateSpec LaunchTemplateSpec \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`MaxSize\`Optional \`\`\`go MaxSize *f64 \`\`\` - *Type:* *f64 - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`MinSize\`Optional \`\`\`go MinSize *f64 \`\`\` - *Type:* *f64 - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`NodegroupName\`Optional \`\`\`go NodegroupName *string \`\`\` - *Type:* *string - *Default:* resource ID Name of the Nodegroup. --- ##### \`NodeRole\`Optional \`\`\`go NodeRole IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`ReleaseVersion\`Optional \`\`\`go ReleaseVersion *string \`\`\` - *Type:* *string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`RemoteAccess\`Optional \`\`\`go RemoteAccess NodegroupRemoteAccess \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`Subnets\`Optional \`\`\`go Subnets SubnetSelection \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`Tags\`Optional \`\`\`go Tags *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.NodegroupRemoteAccess { SshKeyName: *string, SourceSecurityGroups: *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SshKeyName | *string | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | SourceSecurityGroups | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`SshKeyName\`Required \`\`\`go SshKeyName *string \`\`\` - *Type:* *string The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`SourceSecurityGroups\`Optional \`\`\`go SourceSecurityGroups *[]ISecurityGroup \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.OpenIdConnectProviderProps { Url: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Url | *string | The URL of the identity provider. | --- ##### \`Url\`Required \`\`\`go Url *string \`\`\` - *Type:* *string The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ProviderProperty { KeyArn: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | KeyArn | *string | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`KeyArn\`Optional \`\`\`go KeyArn *string \`\`\` - *Type:* *string \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.RemoteAccessProperty { Ec2SshKey: *string, SourceSecurityGroups: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Ec2SshKey | *string | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | SourceSecurityGroups | *[]*string | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`Ec2SshKey\`Required \`\`\`go Ec2SshKey *string \`\`\` - *Type:* *string \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`SourceSecurityGroups\`Optional \`\`\`go SourceSecurityGroups *[]*string \`\`\` - *Type:* *[]*string \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ResourcesVpcConfigProperty { SubnetIds: *[]*string, SecurityGroupIds: *[]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | SubnetIds | *[]*string | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | SecurityGroupIds | *[]*string | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`SubnetIds\`Required \`\`\`go SubnetIds *[]*string \`\`\` - *Type:* *[]*string \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`SecurityGroupIds\`Optional \`\`\`go SecurityGroupIds *[]*string \`\`\` - *Type:* *[]*string \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ScalingConfigProperty { DesiredSize: *f64, MaxSize: *f64, MinSize: *f64, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | DesiredSize | *f64 | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | MaxSize | *f64 | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | MinSize | *f64 | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`DesiredSize\`Optional \`\`\`go DesiredSize *f64 \`\`\` - *Type:* *f64 \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`MaxSize\`Optional \`\`\`go MaxSize *f64 \`\`\` - *Type:* *f64 \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`MinSize\`Optional \`\`\`go MinSize *f64 \`\`\` - *Type:* *f64 \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.Selector { Namespace: *string, Labels: *map[string]*string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | *string | The Kubernetes namespace that the selector should match. | | Labels | *map[string]*string | The Kubernetes labels that the selector should match. | --- ##### \`Namespace\`Required \`\`\`go Namespace *string \`\`\` - *Type:* *string The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`Labels\`Optional \`\`\`go Labels *map[string]*string \`\`\` - *Type:* *map[string]*string - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.SelectorProperty { Namespace: *string, Labels: interface{}, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | *string | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | Labels | interface{} | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`Namespace\`Required \`\`\`go Namespace *string \`\`\` - *Type:* *string \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`Labels\`Optional \`\`\`go Labels interface{} \`\`\` - *Type:* interface{} \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ServiceAccountOptions { Name: *string, Namespace: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | *string | The name of the service account. | | Namespace | *string | The namespace of the service account. | --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ServiceAccountProps { Name: *string, Namespace: *string, Cluster: github.com/aws/aws-cdk-go/awscdk.aws_eks.ICluster, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Name | *string | The name of the service account. | | Namespace | *string | The namespace of the service account. | | Cluster | ICluster | The cluster to apply the patch to. | --- ##### \`Name\`Optional \`\`\`go Name *string \`\`\` - *Type:* *string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* "default" The namespace of the service account. --- ##### \`Cluster\`Required \`\`\`go Cluster ICluster \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.ServiceLoadBalancerAddressOptions { Namespace: *string, Timeout: github.com/aws/aws-cdk-go/awscdk.Duration, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Namespace | *string | The namespace the service belongs to. | | Timeout | github.com/aws/aws-cdk-go/awscdk.Duration | Timeout for waiting on the load balancer address. | --- ##### \`Namespace\`Optional \`\`\`go Namespace *string \`\`\` - *Type:* *string - *Default:* 'default' The namespace the service belongs to. --- ##### \`Timeout\`Optional \`\`\`go Timeout Duration \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" &awseks.TaintProperty { Effect: *string, Key: *string, Value: *string, } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Effect | *string | \`CfnNodegroup.TaintProperty.Effect\`. | | Key | *string | \`CfnNodegroup.TaintProperty.Key\`. | | Value | *string | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`Effect\`Optional \`\`\`go Effect *string \`\`\` - *Type:* *string \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`Key\`Optional \`\`\`go Key *string \`\`\` - *Type:* *string \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`Value\`Optional \`\`\`go Value *string \`\`\` - *Type:* *string \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.NewEksOptimizedImage(props EksOptimizedImageProps) EksOptimizedImage \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | props | EksOptimizedImageProps | *No description.* | --- ##### \`props\`Optional - *Type:* EksOptimizedImageProps --- #### Methods | **Name** | **Description** | | --- | --- | | GetImage | Return the correct image. | --- ##### \`GetImage\` \`\`\`go func GetImage(scope Construct) MachineImageConfig \`\`\` Return the correct image. ###### \`scope\`Required - *Type:* github.com/aws/aws-cdk-go/awscdk.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | OnlyFrom | Restrict public access to specific CIDR blocks. | --- ##### \`OnlyFrom\` \`\`\`go func OnlyFrom(cidr *string) EndpointAccess \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`cidr\`Required - *Type:* *string CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | Private | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | Public | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PublicAndPrivate | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`Private\`Required \`\`\`go func Private() EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`Public\`Required \`\`\`go func Public() EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PublicAndPrivate\`Required \`\`\`go func PublicAndPrivate() EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | Of | Custom cluster version. | --- ##### \`Of\` \`\`\`go import "github.com/aws/aws-cdk-go/awscdk/awseks" awseks.KubernetesVersion_Of(version *string) KubernetesVersion \`\`\` Custom cluster version. ###### \`version\`Required - *Type:* *string custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Version | *string | cluster version number. | --- ##### \`Version\`Required \`\`\`go func Version() *string \`\`\` - *Type:* *string cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V114 | KubernetesVersion | Kubernetes version 1.14. | | V115 | KubernetesVersion | Kubernetes version 1.15. | | V116 | KubernetesVersion | Kubernetes version 1.16. | | V117 | KubernetesVersion | Kubernetes version 1.17. | | V118 | KubernetesVersion | Kubernetes version 1.18. | | V119 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V114\`Required \`\`\`go func V114() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V115\`Required \`\`\`go func V115() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V116\`Required \`\`\`go func V116() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V117\`Required \`\`\`go func V117() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V118\`Required \`\`\`go func V118() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V119\`Required \`\`\`go func V119() KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* github.com/aws/aws-cdk-go/awscdk.IResource, github.com/aws/aws-cdk-go/awscdk.aws_ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | AddCdk8sChart | Defines a CDK8s chart in this cluster. | | AddHelmChart | Defines a Helm chart in this cluster. | | AddManifest | Defines a Kubernetes resource in this cluster. | | AddServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`AddCdk8sChart\` \`\`\`go func AddCdk8sChart(id *string, chart Construct) KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`chart\`Required - *Type:* github.com/aws/constructs-go/constructs/v10.Construct the cdk8s chart. --- ##### \`AddHelmChart\` \`\`\`go func AddHelmChart(id *string, options HelmChartOptions) HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* *string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`AddManifest\` \`\`\`go func AddManifest(id *string, manifest *map[string]interface{}) KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* *string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* *map[string]interface{} a list of Kubernetes resource specifications. --- ##### \`AddServiceAccount\` \`\`\`go func AddServiceAccount(id *string, options ServiceAccountOptions) ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* *string logical id of service account. --- ###### \`options\`Optional - *Type:* ServiceAccountOptions service account options. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node for this construct. | | Env | github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this resource is defined. | | Connections | github.com/aws/aws-cdk-go/awscdk.aws_ec2.Connections | *No description.* | | ClusterArn | *string | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | ClusterCertificateAuthorityData | *string | The certificate-authority-data for your cluster. | | ClusterEncryptionConfigKeyArn | *string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | ClusterEndpoint | *string | The API Server endpoint URL. | | ClusterName | *string | The physical name of the Cluster. | | ClusterSecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | ClusterSecurityGroupId | *string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | OpenIdConnectProvider | github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | Prune | *bool | Indicates whether Kubernetes resources can be automatically pruned. | | Vpc | github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | | KubectlEnvironment | *map[string]*string | Custom environment variables when running \`kubectl\` against this cluster. | | KubectlLayer | github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | KubectlMemory | github.com/aws/aws-cdk-go/awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | KubectlPrivateSubnets | *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet | Subnets to host the \`kubectl\` compute resources. | | KubectlRole | github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | KubectlSecurityGroup | github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node for this construct. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this resource is defined. --- ##### \`Connections\`Required \`\`\`go func Connections() Connections \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.Connections --- ##### \`ClusterArn\`Required \`\`\`go func ClusterArn() *string \`\`\` - *Type:* *string The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`ClusterCertificateAuthorityData\`Required \`\`\`go func ClusterCertificateAuthorityData() *string \`\`\` - *Type:* *string The certificate-authority-data for your cluster. --- ##### \`ClusterEncryptionConfigKeyArn\`Required \`\`\`go func ClusterEncryptionConfigKeyArn() *string \`\`\` - *Type:* *string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`ClusterEndpoint\`Required \`\`\`go func ClusterEndpoint() *string \`\`\` - *Type:* *string The API Server endpoint URL. --- ##### \`ClusterName\`Required \`\`\`go func ClusterName() *string \`\`\` - *Type:* *string The physical name of the Cluster. --- ##### \`ClusterSecurityGroup\`Required \`\`\`go func ClusterSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`ClusterSecurityGroupId\`Required \`\`\`go func ClusterSecurityGroupId() *string \`\`\` - *Type:* *string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`OpenIdConnectProvider\`Required \`\`\`go func OpenIdConnectProvider() IOpenIdConnectProvider \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`Prune\`Required \`\`\`go func Prune() *bool \`\`\` - *Type:* *bool Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`Vpc\`Required \`\`\`go func Vpc() IVpc \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`KubectlEnvironment\`Optional \`\`\`go func KubectlEnvironment() *map[string]*string \`\`\` - *Type:* *map[string]*string Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`KubectlLayer\`Optional \`\`\`go func KubectlLayer() ILayerVersion \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`KubectlMemory\`Optional \`\`\`go func KubectlMemory() Size \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`KubectlPrivateSubnets\`Optional \`\`\`go func KubectlPrivateSubnets() *[]ISubnet \`\`\` - *Type:* *[]github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISubnet Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`KubectlRole\`Optional \`\`\`go func KubectlRole() IRole \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`KubectlSecurityGroup\`Optional \`\`\`go func KubectlSecurityGroup() ISecurityGroup \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.aws_ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* github.com/aws/aws-cdk-go/awscdk.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | Node | github.com/aws/aws-cdk-go/awscdk.ConstructNode | The construct tree node for this construct. | | Env | github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment | The environment this resource belongs to. | | Stack | github.com/aws/aws-cdk-go/awscdk.Stack | The stack in which this resource is defined. | | NodegroupName | *string | Name of the nodegroup. | --- ##### \`Node\`Required \`\`\`go func Node() ConstructNode \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ConstructNode The construct tree node for this construct. --- ##### \`Env\`Required \`\`\`go func Env() ResourceEnvironment \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`Stack\`Required \`\`\`go func Stack() Stack \`\`\` - *Type:* github.com/aws/aws-cdk-go/awscdk.Stack The stack in which this resource is defined. --- ##### \`NodegroupName\`Required \`\`\`go func NodegroupName() *string \`\`\` - *Type:* *string Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | CapacityType_SPOT | spot instances. | | CapacityType_ON_DEMAND | on-demand instances. | --- ##### \`CapacityType_SPOT\` spot instances. --- ##### \`CapacityType_ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | CoreDnsComputeType_EC2 | Deploy CoreDNS on EC2 instances. | | CoreDnsComputeType_FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`CoreDnsComputeType_EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`CoreDnsComputeType_FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | CpuArch_ARM_64 | arm64 CPU type. | | CpuArch_X86_64 | x86_64 CPU type. | --- ##### \`CpuArch_ARM_64\` arm64 CPU type. --- ##### \`CpuArch_X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | DefaultCapacityType_NODEGROUP | managed node group. | | DefaultCapacityType_EC2 | EC2 autoscaling group. | --- ##### \`DefaultCapacityType_NODEGROUP\` managed node group. --- ##### \`DefaultCapacityType_EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | MachineImageType_AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | MachineImageType_BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`MachineImageType_AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`MachineImageType_BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | NodegroupAmiType_AL2_X86_64 | Amazon Linux 2 (x86-64). | | NodegroupAmiType_AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | NodegroupAmiType_AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`NodegroupAmiType_AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`NodegroupAmiType_AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`NodegroupAmiType_AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | NodeType_STANDARD | Standard instances. | | NodeType_GPU | GPU instances. | | NodeType_INFERENTIA | Inferentia instances. | --- ##### \`NodeType_STANDARD\` Standard instances. --- ##### \`NodeType_GPU\` GPU instances. --- ##### \`NodeType_INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | PatchType_JSON | JSON Patch, RFC 6902. | | PatchType_MERGE | JSON Merge patch. | | PatchType_STRATEGIC | Strategic merge patch. | --- ##### \`PatchType_JSON\` JSON Patch, RFC 6902. --- ##### \`PatchType_MERGE\` JSON Merge patch. --- ##### \`PatchType_STRATEGIC\` Strategic merge patch. --- " `; exports[`java for package 1`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object repository = new Repository(this, "Repository"); \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object repository = Repository.Builder.create(stack, "Repo") .imageScanOnPush(true) .build(); \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`java // Example automatically generated from non-compiling source. May contain errors. repository.onImageScanCompleted("ImageScanComplete").addTarget(...); \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. import software.amazon.awscdk.services.iam.*; import software.amazon.awscdk.services.ecr.*; User user = new User(this, "User", new UserProps()...); AuthorizationToken.grantRead(user); \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. import software.amazon.awscdk.services.iam.*; import software.amazon.awscdk.services.ecr.*; User user = new User(this, "User", new UserProps()...); PublicGalleryAuthorizationToken.grantRead(user); \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Repository.Builder.create(stack, "Repo").imageTagMutability(ecr.getTagMutability().getIMMUTABLE()).build(); \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`java // Example automatically generated from non-compiling source. May contain errors. repository.addLifecycleRule(Map.of("tagPrefixList", List.of("prod"), "maxImageCount", 9999)); repository.addLifecycleRule(Map.of("maxImageAge", cdk.Duration.days(30))); \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.Builder.create(Construct scope, java.lang.String id) // .repositoryCatalogData(java.lang.Object) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | repositoryCatalogData | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryName | java.lang.String | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`repositoryCatalogData\`Optional - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryName\`Optional - *Type:* java.lang.String \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repositoryPolicyText\`Optional - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | tags | software.amazon.awscdk.core.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | repositoryCatalogData | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | repositoryName | java.lang.String | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`repositoryCatalogData\`Required \`\`\`java public java.lang.Object getRepositoryCatalogData(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryPolicyText\`Required \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.Builder.create(Construct scope, java.lang.String id) .policyText(java.lang.Object) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | policyText | java.lang.Object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`policyText\`Required - *Type:* java.lang.Object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrRegistryId | java.lang.String | *No description.* | | policyText | java.lang.Object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`java public java.lang.String getAttrRegistryId(); \`\`\` - *Type:* java.lang.String --- ##### \`policyText\`Required \`\`\`java public java.lang.Object getPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.Builder.create(Construct scope, java.lang.String id) .replicationConfiguration(IResolvable) .replicationConfiguration(ReplicationConfigurationProperty) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | replicationConfiguration | software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`replicationConfiguration\`Required - *Type:* software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrRegistryId | java.lang.String | *No description.* | | replicationConfiguration | software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`java public java.lang.String getAttrRegistryId(); \`\`\` - *Type:* java.lang.String --- ##### \`replicationConfiguration\`Required \`\`\`java public java.lang.Object getReplicationConfiguration(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.Builder.create(Construct scope, java.lang.String id) // .encryptionConfiguration(java.lang.Object) // .imageScanningConfiguration(java.lang.Object) // .imageTagMutability(java.lang.String) // .lifecyclePolicy(IResolvable) // .lifecyclePolicy(LifecyclePolicyProperty) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | encryptionConfiguration | java.lang.Object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | java.lang.Object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | imageTagMutability | java.lang.String | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | java.lang.String | \`AWS::ECR::Repository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::Repository.Tags\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`encryptionConfiguration\`Optional - *Type:* java.lang.Object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Optional - *Type:* java.lang.Object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`imageTagMutability\`Optional - *Type:* java.lang.String \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional - *Type:* software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional - *Type:* java.lang.String \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repositoryPolicyText\`Optional - *Type:* java.lang.Object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | attrRepositoryUri | java.lang.String | *No description.* | | tags | software.amazon.awscdk.core.TagManager | \`AWS::ECR::Repository.Tags\`. | | encryptionConfiguration | java.lang.Object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | java.lang.Object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | imageTagMutability | java.lang.String | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | java.lang.String | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrRepositoryUri\`Required \`\`\`java public java.lang.String getAttrRepositoryUri(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`encryptionConfiguration\`Required \`\`\`java public java.lang.Object getEncryptionConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Required \`\`\`java public java.lang.Object getImageScanningConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`repositoryPolicyText\`Required \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`imageTagMutability\`Optional \`\`\`java public java.lang.String getImageTagMutability(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`java public java.lang.Object getLifecyclePolicy(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.Builder.create(Construct scope, java.lang.String id) // .imageScanOnPush(java.lang.Boolean) // .imageTagMutability(TagMutability) // .lifecycleRegistryId(java.lang.String) // .lifecycleRules(java.util.List) // .removalPolicy(RemovalPolicy) // .repositoryName(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | imageScanOnPush | java.lang.Boolean | Enable the scan on push when creating the repository. | | imageTagMutability | TagMutability | The tag mutability setting for the repository. | | lifecycleRegistryId | java.lang.String | The AWS account ID associated with the registry that contains the repository. | | lifecycleRules | java.util.List<LifecycleRule> | Life cycle rules to apply to this registry. | | removalPolicy | software.amazon.awscdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repositoryName | java.lang.String | Name for this repository. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`imageScanOnPush\`Optional - *Type:* java.lang.Boolean - *Default:* false Enable the scan on push when creating the repository. --- ##### \`imageTagMutability\`Optional - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycleRegistryId\`Optional - *Type:* java.lang.String - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycleRules\`Optional - *Type:* java.util.List<LifecycleRule> - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removalPolicy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repositoryName\`Optional - *Type:* java.lang.String - *Default:* Automatically generated name. Name for this repository. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | addLifecycleRule | Add a life cycle rule to the repository. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`java public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- ##### \`grant\` \`\`\`java public Grant grant(IGrantable grantee, java.lang.String actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ###### \`actions\`Required - *Type:* java.lang.String --- ##### \`grantPull\` \`\`\`java public Grant grantPull(IGrantable grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`grantPullPush\` \`\`\`java public Grant grantPullPush(IGrantable grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`java public Rule onCloudTrailEvent(java.lang.String id) public Rule onCloudTrailEvent(java.lang.String id, OnEventOptions options) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`java public Rule onCloudTrailImagePushed(java.lang.String id) public Rule onCloudTrailImagePushed(java.lang.String id, OnCloudTrailImagePushedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`java public Rule onEvent(java.lang.String id) public Rule onEvent(java.lang.String id, OnEventOptions options) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`java public Rule onImageScanCompleted(java.lang.String id) public Rule onImageScanCompleted(java.lang.String id, OnImageScanCompletedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`java public java.lang.String repositoryUriForDigest() public java.lang.String repositoryUriForDigest(java.lang.String digest) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* java.lang.String Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`java public java.lang.String repositoryUriForTag() public java.lang.String repositoryUriForTag(java.lang.String tag) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* java.lang.String Optional image tag. --- ##### \`addLifecycleRule\` \`\`\`java public void addLifecycleRule(LifecycleRule rule) \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`rule\`Required - *Type:* LifecycleRule --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | arnForLocalRepository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | fromRepositoryArn | *No description.* | | fromRepositoryAttributes | Import a repository. | | fromRepositoryName | *No description.* | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- ##### \`arnForLocalRepository\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.arnForLocalRepository(java.lang.String repositoryName, IConstruct scope),Repository.arnForLocalRepository(java.lang.String repositoryName, IConstruct scope, java.lang.String account) \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`repositoryName\`Required - *Type:* java.lang.String --- ###### \`scope\`Required - *Type:* software.constructs.IConstruct --- ###### \`account\`Optional - *Type:* java.lang.String --- ##### \`fromRepositoryArn\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.fromRepositoryArn(Construct scope, java.lang.String id, java.lang.String repositoryArn) \`\`\` ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`repositoryArn\`Required - *Type:* java.lang.String --- ##### \`fromRepositoryAttributes\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.fromRepositoryAttributes(Construct scope, java.lang.String id, RepositoryAttributes attrs) \`\`\` Import a repository. ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`attrs\`Required - *Type:* RepositoryAttributes --- ##### \`fromRepositoryName\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.fromRepositoryName(Construct scope, java.lang.String id, java.lang.String repositoryName) \`\`\` ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`repositoryName\`Required - *Type:* java.lang.String --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | repositoryArn | java.lang.String | The ARN of the repository. | | repositoryName | java.lang.String | The name of the repository. | | repositoryUri | java.lang.String | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`java public java.lang.String getRepositoryUri(); \`\`\` - *Type:* java.lang.String The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryBase; RepositoryBase.Builder.create(Construct scope, java.lang.String id) // .account(java.lang.String) // .environmentFromArn(java.lang.String) // .physicalName(java.lang.String) // .region(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | account | java.lang.String | The AWS account ID this resource belongs to. | | environmentFromArn | java.lang.String | ARN to deduce region and account from. | | physicalName | java.lang.String | The value passed in by users to the physical name prop of the resource. | | region | java.lang.String | The AWS region this resource belongs to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`account\`Optional - *Type:* java.lang.String - *Default:* the resource is in the same account as the stack it belongs to The AWS account ID this resource belongs to. --- ##### \`environmentFromArn\`Optional - *Type:* java.lang.String - *Default:* take environment from \`account\`, \`region\` parameters, or use Stack environment. ARN to deduce region and account from. The ARN is parsed and the account and region are taken from the ARN. This should be used for imported resources. Cannot be supplied together with either \`account\` or \`region\`. --- ##### \`physicalName\`Optional - *Type:* java.lang.String - *Default:* The physical name will be allocated by CloudFormation at deployment time The value passed in by users to the physical name prop of the resource. \`undefined\` implies that a physical name will be allocated by CloudFormation during deployment. - a concrete value implies a specific physical name - \`PhysicalName.GENERATE_IF_NEEDED\` is a marker that indicates that a physical will only be generated by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation. --- ##### \`region\`Optional - *Type:* java.lang.String - *Default:* the resource is in the same region as the stack it belongs to The AWS region this resource belongs to. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`java public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- ##### \`grant\` \`\`\`java public Grant grant(IGrantable grantee, java.lang.String actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ###### \`actions\`Required - *Type:* java.lang.String --- ##### \`grantPull\` \`\`\`java public Grant grantPull(IGrantable grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`grantPullPush\` \`\`\`java public Grant grantPullPush(IGrantable grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`java public Rule onCloudTrailEvent(java.lang.String id) public Rule onCloudTrailEvent(java.lang.String id, OnEventOptions options) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`java public Rule onCloudTrailImagePushed(java.lang.String id) public Rule onCloudTrailImagePushed(java.lang.String id, OnCloudTrailImagePushedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`java public Rule onEvent(java.lang.String id) public Rule onEvent(java.lang.String id, OnEventOptions options) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`java public Rule onImageScanCompleted(java.lang.String id) public Rule onImageScanCompleted(java.lang.String id, OnImageScanCompletedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`java public java.lang.String repositoryUriForDigest() public java.lang.String repositoryUriForDigest(java.lang.String digest) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* java.lang.String Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`java public java.lang.String repositoryUriForTag() public java.lang.String repositoryUriForTag(java.lang.String tag) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* java.lang.String Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryBase; RepositoryBase.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryBase; RepositoryBase.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | repositoryArn | java.lang.String | The ARN of the repository. | | repositoryName | java.lang.String | The name of the repository. | | repositoryUri | java.lang.String | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`java public java.lang.String getRepositoryUri(); \`\`\` - *Type:* java.lang.String The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepositoryProps; CfnPublicRepositoryProps.builder() // .repositoryCatalogData(java.lang.Object) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryCatalogData | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryName | java.lang.String | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`repositoryCatalogData\`Optional \`\`\`java public java.lang.Object getRepositoryCatalogData(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicyProps; CfnRegistryPolicyProps.builder() .policyText(java.lang.Object) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | policyText | java.lang.Object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`policyText\`Required \`\`\`java public java.lang.Object getPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfigurationProps; CfnReplicationConfigurationProps.builder() .replicationConfiguration(IResolvable) .replicationConfiguration(ReplicationConfigurationProperty) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | replicationConfiguration | software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`replicationConfiguration\`Required \`\`\`java public java.lang.Object getReplicationConfiguration(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepositoryProps; CfnRepositoryProps.builder() // .encryptionConfiguration(java.lang.Object) // .imageScanningConfiguration(java.lang.Object) // .imageTagMutability(java.lang.String) // .lifecyclePolicy(IResolvable) // .lifecyclePolicy(LifecyclePolicyProperty) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | encryptionConfiguration | java.lang.Object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | java.lang.Object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | imageTagMutability | java.lang.String | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | java.lang.String | \`AWS::ECR::Repository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::Repository.Tags\`. | --- ##### \`encryptionConfiguration\`Optional \`\`\`java public java.lang.Object getEncryptionConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Optional \`\`\`java public java.lang.Object getImageScanningConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`imageTagMutability\`Optional \`\`\`java public java.lang.String getImageTagMutability(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`java public java.lang.Object getLifecyclePolicy(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository.LifecyclePolicyProperty; LifecyclePolicyProperty.builder() // .lifecyclePolicyText(java.lang.String) // .registryId(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | lifecyclePolicyText | java.lang.String | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | registryId | java.lang.String | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`lifecyclePolicyText\`Optional \`\`\`java public java.lang.String getLifecyclePolicyText(); \`\`\` - *Type:* java.lang.String \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`registryId\`Optional \`\`\`java public java.lang.String getRegistryId(); \`\`\` - *Type:* java.lang.String \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.LifecycleRule; LifecycleRule.builder() // .description(java.lang.String) // .maxImageAge(Duration) // .maxImageCount(java.lang.Number) // .rulePriority(java.lang.Number) // .tagPrefixList(java.util.List) // .tagStatus(TagStatus) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | java.lang.String | Describes the purpose of the rule. | | maxImageAge | software.amazon.awscdk.core.Duration | The maximum age of images to retain. The value must represent a number of days. | | maxImageCount | java.lang.Number | The maximum number of images to retain. | | rulePriority | java.lang.Number | Controls the order in which rules are evaluated (low to high). | | tagPrefixList | java.util.List | Select images that have ALL the given prefixes in their tag. | | tagStatus | TagStatus | Select images based on tags. | --- ##### \`description\`Optional \`\`\`java public java.lang.String getDescription(); \`\`\` - *Type:* java.lang.String - *Default:* No description Describes the purpose of the rule. --- ##### \`maxImageAge\`Optional \`\`\`java public Duration getMaxImageAge(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`maxImageCount\`Optional \`\`\`java public java.lang.Number getMaxImageCount(); \`\`\` - *Type:* java.lang.Number The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`rulePriority\`Optional \`\`\`java public java.lang.Number getRulePriority(); \`\`\` - *Type:* java.lang.Number - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`tagPrefixList\`Optional \`\`\`java public java.util.List getTagPrefixList(); \`\`\` - *Type:* java.util.List Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`tagStatus\`Optional \`\`\`java public TagStatus getTagStatus(); \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.OnCloudTrailImagePushedOptions; OnCloudTrailImagePushedOptions.builder() // .description(java.lang.String) // .eventPattern(EventPattern) // .ruleName(java.lang.String) // .target(IRuleTarget) // .imageTag(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | java.lang.String | A description of the rule's purpose. | | eventPattern | software.amazon.awscdk.services.events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | java.lang.String | A name for the rule. | | target | software.amazon.awscdk.services.events.IRuleTarget | The target to register for the event. | | imageTag | java.lang.String | Only watch changes to this image tag. | --- ##### \`description\`Optional \`\`\`java public java.lang.String getDescription(); \`\`\` - *Type:* java.lang.String - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`java public EventPattern getEventPattern(); \`\`\` - *Type:* software.amazon.awscdk.services.events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`java public java.lang.String getRuleName(); \`\`\` - *Type:* java.lang.String - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`java public IRuleTarget getTarget(); \`\`\` - *Type:* software.amazon.awscdk.services.events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTag\`Optional \`\`\`java public java.lang.String getImageTag(); \`\`\` - *Type:* java.lang.String - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.OnImageScanCompletedOptions; OnImageScanCompletedOptions.builder() // .description(java.lang.String) // .eventPattern(EventPattern) // .ruleName(java.lang.String) // .target(IRuleTarget) // .imageTags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | java.lang.String | A description of the rule's purpose. | | eventPattern | software.amazon.awscdk.services.events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | java.lang.String | A name for the rule. | | target | software.amazon.awscdk.services.events.IRuleTarget | The target to register for the event. | | imageTags | java.util.List | Only watch changes to the image tags spedified. | --- ##### \`description\`Optional \`\`\`java public java.lang.String getDescription(); \`\`\` - *Type:* java.lang.String - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`java public EventPattern getEventPattern(); \`\`\` - *Type:* software.amazon.awscdk.services.events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`java public java.lang.String getRuleName(); \`\`\` - *Type:* java.lang.String - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`java public IRuleTarget getTarget(); \`\`\` - *Type:* software.amazon.awscdk.services.events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTags\`Optional \`\`\`java public java.util.List getImageTags(); \`\`\` - *Type:* java.util.List - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty; ReplicationConfigurationProperty.builder() .rules(IResolvable) .rules(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | rules | software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationRuleProperty> | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`rules\`Required \`\`\`java public java.lang.Object getRules(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationRuleProperty> \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration.ReplicationDestinationProperty; ReplicationDestinationProperty.builder() .region(java.lang.String) .registryId(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | region | java.lang.String | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | registryId | java.lang.String | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`region\`Required \`\`\`java public java.lang.String getRegion(); \`\`\` - *Type:* java.lang.String \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`registryId\`Required \`\`\`java public java.lang.String getRegistryId(); \`\`\` - *Type:* java.lang.String \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration.ReplicationRuleProperty; ReplicationRuleProperty.builder() .destinations(IResolvable) .destinations(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | destinations | software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationDestinationProperty> | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`destinations\`Required \`\`\`java public java.lang.Object getDestinations(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationDestinationProperty> \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryAttributes; RepositoryAttributes.builder() .repositoryArn(java.lang.String) .repositoryName(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryArn | java.lang.String | *No description.* | | repositoryName | java.lang.String | *No description.* | --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String --- ### RepositoryProps #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryProps; RepositoryProps.builder() // .imageScanOnPush(java.lang.Boolean) // .imageTagMutability(TagMutability) // .lifecycleRegistryId(java.lang.String) // .lifecycleRules(java.util.List) // .removalPolicy(RemovalPolicy) // .repositoryName(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | imageScanOnPush | java.lang.Boolean | Enable the scan on push when creating the repository. | | imageTagMutability | TagMutability | The tag mutability setting for the repository. | | lifecycleRegistryId | java.lang.String | The AWS account ID associated with the registry that contains the repository. | | lifecycleRules | java.util.List<LifecycleRule> | Life cycle rules to apply to this registry. | | removalPolicy | software.amazon.awscdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repositoryName | java.lang.String | Name for this repository. | --- ##### \`imageScanOnPush\`Optional \`\`\`java public java.lang.Boolean getImageScanOnPush(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Enable the scan on push when creating the repository. --- ##### \`imageTagMutability\`Optional \`\`\`java public TagMutability getImageTagMutability(); \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycleRegistryId\`Optional \`\`\`java public java.lang.String getLifecycleRegistryId(); \`\`\` - *Type:* java.lang.String - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycleRules\`Optional \`\`\`java public java.util.List getLifecycleRules(); \`\`\` - *Type:* java.util.List<LifecycleRule> - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removalPolicy\`Optional \`\`\`java public RemovalPolicy getRemovalPolicy(); \`\`\` - *Type:* software.amazon.awscdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`java import software.amazon.awscdk.services.ecr.AuthorizationToken; AuthorizationToken.grantRead(IGrantable grantee) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`java import software.amazon.awscdk.services.ecr.PublicGalleryAuthorizationToken; PublicGalleryAuthorizationToken.grantRead(IGrantable grantee) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ## Protocols ### IRepository - *Extends:* software.amazon.awscdk.core.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to pull images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | repositoryUriForDigest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`addToResourcePolicy\` \`\`\`java public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- ##### \`grant\` \`\`\`java public Grant grant(IGrantable grantee, java.lang.String actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ###### \`actions\`Required - *Type:* java.lang.String --- ##### \`grantPull\` \`\`\`java public Grant grantPull(IGrantable grantee) \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`grantPullPush\` \`\`\`java public Grant grantPullPush(IGrantable grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`java public Rule onCloudTrailEvent(java.lang.String id) public Rule onCloudTrailEvent(java.lang.String id, OnEventOptions options) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`java public Rule onCloudTrailImagePushed(java.lang.String id) public Rule onCloudTrailImagePushed(java.lang.String id, OnCloudTrailImagePushedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`java public Rule onEvent(java.lang.String id) public Rule onEvent(java.lang.String id, OnEventOptions options) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`java public Rule onImageScanCompleted(java.lang.String id) public Rule onImageScanCompleted(java.lang.String id, OnImageScanCompletedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`java public java.lang.String repositoryUriForDigest() public java.lang.String repositoryUriForDigest(java.lang.String digest) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* java.lang.String Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`repositoryUriForTag\` \`\`\`java public java.lang.String repositoryUriForTag() public java.lang.String repositoryUriForTag(java.lang.String tag) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* java.lang.String Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node for this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | repositoryArn | java.lang.String | The ARN of the repository. | | repositoryName | java.lang.String | The name of the repository. | | repositoryUri | java.lang.String | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`java public java.lang.String getRepositoryUri(); \`\`\` - *Type:* java.lang.String The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`java snapshot - root module 1`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object repository = new Repository(this, "Repository"); \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object repository = Repository.Builder.create(stack, "Repo") .imageScanOnPush(true) .build(); \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`java // Example automatically generated from non-compiling source. May contain errors. repository.onImageScanCompleted("ImageScanComplete").addTarget(...); \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. import aws.cdk.aws.iam.*; import aws.cdk.aws.ecr.*; Object user = User.Builder.create(this, "User")....build(); AuthorizationToken.grantRead(user); \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. import aws.cdk.aws.iam.*; import aws.cdk.aws.ecr.*; Object user = User.Builder.create(this, "User")....build(); PublicGalleryAuthorizationToken.grantRead(user); \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Repository.Builder.create(stack, "Repo").imageTagMutability(ecr.getTagMutability().getIMMUTABLE()).build(); \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`java // Example automatically generated from non-compiling source. May contain errors. repository.addLifecycleRule(Map.of("tagPrefixList", List.of("prod"), "maxImageCount", 9999)); repository.addLifecycleRule(Map.of("maxImageAge", cdk.Duration.days(30))); \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.Builder.create(Construct scope, java.lang.String id) // .repositoryCatalogData(java.lang.Object) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | repositoryCatalogData | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryName | java.lang.String | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`repositoryCatalogData\`Optional - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryName\`Optional - *Type:* java.lang.String \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repositoryPolicyText\`Optional - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepository; CfnPublicRepository.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | tags | software.amazon.awscdk.core.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | repositoryCatalogData | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | repositoryName | java.lang.String | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`repositoryCatalogData\`Required \`\`\`java public java.lang.Object getRepositoryCatalogData(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryPolicyText\`Required \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.Builder.create(Construct scope, java.lang.String id) .policyText(java.lang.Object) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | policyText | java.lang.Object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`policyText\`Required - *Type:* java.lang.Object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicy; CfnRegistryPolicy.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrRegistryId | java.lang.String | *No description.* | | policyText | java.lang.Object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`java public java.lang.String getAttrRegistryId(); \`\`\` - *Type:* java.lang.String --- ##### \`policyText\`Required \`\`\`java public java.lang.Object getPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.Builder.create(Construct scope, java.lang.String id) .replicationConfiguration(IResolvable) .replicationConfiguration(ReplicationConfigurationProperty) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | replicationConfiguration | software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`replicationConfiguration\`Required - *Type:* software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration; CfnReplicationConfiguration.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrRegistryId | java.lang.String | *No description.* | | replicationConfiguration | software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`java public java.lang.String getAttrRegistryId(); \`\`\` - *Type:* java.lang.String --- ##### \`replicationConfiguration\`Required \`\`\`java public java.lang.Object getReplicationConfiguration(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.Builder.create(Construct scope, java.lang.String id) // .encryptionConfiguration(java.lang.Object) // .imageScanningConfiguration(java.lang.Object) // .imageTagMutability(java.lang.String) // .lifecyclePolicy(IResolvable) // .lifecyclePolicy(LifecyclePolicyProperty) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | encryptionConfiguration | java.lang.Object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | java.lang.Object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | imageTagMutability | java.lang.String | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | java.lang.String | \`AWS::ECR::Repository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::Repository.Tags\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`encryptionConfiguration\`Optional - *Type:* java.lang.Object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Optional - *Type:* java.lang.Object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`imageTagMutability\`Optional - *Type:* java.lang.String \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional - *Type:* software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional - *Type:* java.lang.String \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repositoryPolicyText\`Optional - *Type:* java.lang.Object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository; CfnRepository.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | attrRepositoryUri | java.lang.String | *No description.* | | tags | software.amazon.awscdk.core.TagManager | \`AWS::ECR::Repository.Tags\`. | | encryptionConfiguration | java.lang.Object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | java.lang.Object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | imageTagMutability | java.lang.String | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | java.lang.String | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrRepositoryUri\`Required \`\`\`java public java.lang.String getAttrRepositoryUri(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`encryptionConfiguration\`Required \`\`\`java public java.lang.Object getEncryptionConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Required \`\`\`java public java.lang.Object getImageScanningConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`repositoryPolicyText\`Required \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`imageTagMutability\`Optional \`\`\`java public java.lang.String getImageTagMutability(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`java public java.lang.Object getLifecyclePolicy(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.Builder.create(Construct scope, java.lang.String id) // .imageScanOnPush(java.lang.Boolean) // .imageTagMutability(TagMutability) // .lifecycleRegistryId(java.lang.String) // .lifecycleRules(java.util.List) // .removalPolicy(RemovalPolicy) // .repositoryName(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | imageScanOnPush | java.lang.Boolean | Enable the scan on push when creating the repository. | | imageTagMutability | TagMutability | The tag mutability setting for the repository. | | lifecycleRegistryId | java.lang.String | The AWS account ID associated with the registry that contains the repository. | | lifecycleRules | java.util.List<LifecycleRule> | Life cycle rules to apply to this registry. | | removalPolicy | software.amazon.awscdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repositoryName | java.lang.String | Name for this repository. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`imageScanOnPush\`Optional - *Type:* java.lang.Boolean - *Default:* false Enable the scan on push when creating the repository. --- ##### \`imageTagMutability\`Optional - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycleRegistryId\`Optional - *Type:* java.lang.String - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycleRules\`Optional - *Type:* java.util.List<LifecycleRule> - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removalPolicy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repositoryName\`Optional - *Type:* java.lang.String - *Default:* Automatically generated name. Name for this repository. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | addLifecycleRule | Add a life cycle rule to the repository. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`java public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- ##### \`grant\` \`\`\`java public Grant grant(IGrantable grantee, java.lang.String actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ###### \`actions\`Required - *Type:* java.lang.String --- ##### \`grantPull\` \`\`\`java public Grant grantPull(IGrantable grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`grantPullPush\` \`\`\`java public Grant grantPullPush(IGrantable grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`java public Rule onCloudTrailEvent(java.lang.String id) public Rule onCloudTrailEvent(java.lang.String id, OnEventOptions options) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`java public Rule onCloudTrailImagePushed(java.lang.String id) public Rule onCloudTrailImagePushed(java.lang.String id, OnCloudTrailImagePushedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`java public Rule onEvent(java.lang.String id) public Rule onEvent(java.lang.String id, OnEventOptions options) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`java public Rule onImageScanCompleted(java.lang.String id) public Rule onImageScanCompleted(java.lang.String id, OnImageScanCompletedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`java public java.lang.String repositoryUriForDigest() public java.lang.String repositoryUriForDigest(java.lang.String digest) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* java.lang.String Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`java public java.lang.String repositoryUriForTag() public java.lang.String repositoryUriForTag(java.lang.String tag) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* java.lang.String Optional image tag. --- ##### \`addLifecycleRule\` \`\`\`java public void addLifecycleRule(LifecycleRule rule) \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`rule\`Required - *Type:* LifecycleRule --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | arnForLocalRepository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | fromRepositoryArn | *No description.* | | fromRepositoryAttributes | Import a repository. | | fromRepositoryName | *No description.* | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- ##### \`arnForLocalRepository\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.arnForLocalRepository(java.lang.String repositoryName, IConstruct scope),Repository.arnForLocalRepository(java.lang.String repositoryName, IConstruct scope, java.lang.String account) \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`repositoryName\`Required - *Type:* java.lang.String --- ###### \`scope\`Required - *Type:* software.constructs.IConstruct --- ###### \`account\`Optional - *Type:* java.lang.String --- ##### \`fromRepositoryArn\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.fromRepositoryArn(Construct scope, java.lang.String id, java.lang.String repositoryArn) \`\`\` ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`repositoryArn\`Required - *Type:* java.lang.String --- ##### \`fromRepositoryAttributes\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.fromRepositoryAttributes(Construct scope, java.lang.String id, RepositoryAttributes attrs) \`\`\` Import a repository. ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`attrs\`Required - *Type:* RepositoryAttributes --- ##### \`fromRepositoryName\` \`\`\`java import software.amazon.awscdk.services.ecr.Repository; Repository.fromRepositoryName(Construct scope, java.lang.String id, java.lang.String repositoryName) \`\`\` ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`repositoryName\`Required - *Type:* java.lang.String --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | repositoryArn | java.lang.String | The ARN of the repository. | | repositoryName | java.lang.String | The name of the repository. | | repositoryUri | java.lang.String | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`java public java.lang.String getRepositoryUri(); \`\`\` - *Type:* java.lang.String The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryBase; RepositoryBase.Builder.create(Construct scope, java.lang.String id) // .account(java.lang.String) // .environmentFromArn(java.lang.String) // .physicalName(java.lang.String) // .region(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | account | java.lang.String | The AWS account ID this resource belongs to. | | environmentFromArn | java.lang.String | ARN to deduce region and account from. | | physicalName | java.lang.String | The value passed in by users to the physical name prop of the resource. | | region | java.lang.String | The AWS region this resource belongs to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`account\`Optional - *Type:* java.lang.String - *Default:* the resource is in the same account as the stack it belongs to The AWS account ID this resource belongs to. --- ##### \`environmentFromArn\`Optional - *Type:* java.lang.String - *Default:* take environment from \`account\`, \`region\` parameters, or use Stack environment. ARN to deduce region and account from. The ARN is parsed and the account and region are taken from the ARN. This should be used for imported resources. Cannot be supplied together with either \`account\` or \`region\`. --- ##### \`physicalName\`Optional - *Type:* java.lang.String - *Default:* The physical name will be allocated by CloudFormation at deployment time The value passed in by users to the physical name prop of the resource. \`undefined\` implies that a physical name will be allocated by CloudFormation during deployment. - a concrete value implies a specific physical name - \`PhysicalName.GENERATE_IF_NEEDED\` is a marker that indicates that a physical will only be generated by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation. --- ##### \`region\`Optional - *Type:* java.lang.String - *Default:* the resource is in the same region as the stack it belongs to The AWS region this resource belongs to. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`java public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- ##### \`grant\` \`\`\`java public Grant grant(IGrantable grantee, java.lang.String actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ###### \`actions\`Required - *Type:* java.lang.String --- ##### \`grantPull\` \`\`\`java public Grant grantPull(IGrantable grantee) \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`grantPullPush\` \`\`\`java public Grant grantPullPush(IGrantable grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`java public Rule onCloudTrailEvent(java.lang.String id) public Rule onCloudTrailEvent(java.lang.String id, OnEventOptions options) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`java public Rule onCloudTrailImagePushed(java.lang.String id) public Rule onCloudTrailImagePushed(java.lang.String id, OnCloudTrailImagePushedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`java public Rule onEvent(java.lang.String id) public Rule onEvent(java.lang.String id, OnEventOptions options) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`java public Rule onImageScanCompleted(java.lang.String id) public Rule onImageScanCompleted(java.lang.String id, OnImageScanCompletedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`java public java.lang.String repositoryUriForDigest() public java.lang.String repositoryUriForDigest(java.lang.String digest) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* java.lang.String Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`java public java.lang.String repositoryUriForTag() public java.lang.String repositoryUriForTag(java.lang.String tag) \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* java.lang.String Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryBase; RepositoryBase.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryBase; RepositoryBase.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | repositoryArn | java.lang.String | The ARN of the repository. | | repositoryName | java.lang.String | The name of the repository. | | repositoryUri | java.lang.String | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`java public java.lang.String getRepositoryUri(); \`\`\` - *Type:* java.lang.String The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnPublicRepositoryProps; CfnPublicRepositoryProps.builder() // .repositoryCatalogData(java.lang.Object) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryCatalogData | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryName | java.lang.String | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`repositoryCatalogData\`Optional \`\`\`java public java.lang.Object getRepositoryCatalogData(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnRegistryPolicyProps; CfnRegistryPolicyProps.builder() .policyText(java.lang.Object) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | policyText | java.lang.Object | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`policyText\`Required \`\`\`java public java.lang.Object getPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfigurationProps; CfnReplicationConfigurationProps.builder() .replicationConfiguration(IResolvable) .replicationConfiguration(ReplicationConfigurationProperty) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | replicationConfiguration | software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`replicationConfiguration\`Required \`\`\`java public java.lang.Object getReplicationConfiguration(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepositoryProps; CfnRepositoryProps.builder() // .encryptionConfiguration(java.lang.Object) // .imageScanningConfiguration(java.lang.Object) // .imageTagMutability(java.lang.String) // .lifecyclePolicy(IResolvable) // .lifecyclePolicy(LifecyclePolicyProperty) // .repositoryName(java.lang.String) // .repositoryPolicyText(java.lang.Object) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | encryptionConfiguration | java.lang.Object | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | java.lang.Object | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | imageTagMutability | java.lang.String | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | java.lang.String | \`AWS::ECR::Repository.RepositoryName\`. | | repositoryPolicyText | java.lang.Object | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | java.util.List | \`AWS::ECR::Repository.Tags\`. | --- ##### \`encryptionConfiguration\`Optional \`\`\`java public java.lang.Object getEncryptionConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Optional \`\`\`java public java.lang.Object getImageScanningConfiguration(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`imageTagMutability\`Optional \`\`\`java public java.lang.String getImageTagMutability(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`java public java.lang.Object getLifecyclePolicy(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`java public java.lang.Object getRepositoryPolicyText(); \`\`\` - *Type:* java.lang.Object \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnRepository.LifecyclePolicyProperty; LifecyclePolicyProperty.builder() // .lifecyclePolicyText(java.lang.String) // .registryId(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | lifecyclePolicyText | java.lang.String | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | registryId | java.lang.String | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`lifecyclePolicyText\`Optional \`\`\`java public java.lang.String getLifecyclePolicyText(); \`\`\` - *Type:* java.lang.String \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`registryId\`Optional \`\`\`java public java.lang.String getRegistryId(); \`\`\` - *Type:* java.lang.String \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.LifecycleRule; LifecycleRule.builder() // .description(java.lang.String) // .maxImageAge(Duration) // .maxImageCount(java.lang.Number) // .rulePriority(java.lang.Number) // .tagPrefixList(java.util.List) // .tagStatus(TagStatus) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | java.lang.String | Describes the purpose of the rule. | | maxImageAge | software.amazon.awscdk.core.Duration | The maximum age of images to retain. The value must represent a number of days. | | maxImageCount | java.lang.Number | The maximum number of images to retain. | | rulePriority | java.lang.Number | Controls the order in which rules are evaluated (low to high). | | tagPrefixList | java.util.List | Select images that have ALL the given prefixes in their tag. | | tagStatus | TagStatus | Select images based on tags. | --- ##### \`description\`Optional \`\`\`java public java.lang.String getDescription(); \`\`\` - *Type:* java.lang.String - *Default:* No description Describes the purpose of the rule. --- ##### \`maxImageAge\`Optional \`\`\`java public Duration getMaxImageAge(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`maxImageCount\`Optional \`\`\`java public java.lang.Number getMaxImageCount(); \`\`\` - *Type:* java.lang.Number The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`rulePriority\`Optional \`\`\`java public java.lang.Number getRulePriority(); \`\`\` - *Type:* java.lang.Number - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`tagPrefixList\`Optional \`\`\`java public java.util.List getTagPrefixList(); \`\`\` - *Type:* java.util.List Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`tagStatus\`Optional \`\`\`java public TagStatus getTagStatus(); \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.OnCloudTrailImagePushedOptions; OnCloudTrailImagePushedOptions.builder() // .description(java.lang.String) // .eventPattern(EventPattern) // .ruleName(java.lang.String) // .target(IRuleTarget) // .imageTag(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | java.lang.String | A description of the rule's purpose. | | eventPattern | software.amazon.awscdk.services.events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | java.lang.String | A name for the rule. | | target | software.amazon.awscdk.services.events.IRuleTarget | The target to register for the event. | | imageTag | java.lang.String | Only watch changes to this image tag. | --- ##### \`description\`Optional \`\`\`java public java.lang.String getDescription(); \`\`\` - *Type:* java.lang.String - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`java public EventPattern getEventPattern(); \`\`\` - *Type:* software.amazon.awscdk.services.events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`java public java.lang.String getRuleName(); \`\`\` - *Type:* java.lang.String - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`java public IRuleTarget getTarget(); \`\`\` - *Type:* software.amazon.awscdk.services.events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTag\`Optional \`\`\`java public java.lang.String getImageTag(); \`\`\` - *Type:* java.lang.String - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.OnImageScanCompletedOptions; OnImageScanCompletedOptions.builder() // .description(java.lang.String) // .eventPattern(EventPattern) // .ruleName(java.lang.String) // .target(IRuleTarget) // .imageTags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | java.lang.String | A description of the rule's purpose. | | eventPattern | software.amazon.awscdk.services.events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | java.lang.String | A name for the rule. | | target | software.amazon.awscdk.services.events.IRuleTarget | The target to register for the event. | | imageTags | java.util.List | Only watch changes to the image tags spedified. | --- ##### \`description\`Optional \`\`\`java public java.lang.String getDescription(); \`\`\` - *Type:* java.lang.String - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`java public EventPattern getEventPattern(); \`\`\` - *Type:* software.amazon.awscdk.services.events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`java public java.lang.String getRuleName(); \`\`\` - *Type:* java.lang.String - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`java public IRuleTarget getTarget(); \`\`\` - *Type:* software.amazon.awscdk.services.events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTags\`Optional \`\`\`java public java.util.List getImageTags(); \`\`\` - *Type:* java.util.List - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty; ReplicationConfigurationProperty.builder() .rules(IResolvable) .rules(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | rules | software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationRuleProperty> | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`rules\`Required \`\`\`java public java.lang.Object getRules(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationRuleProperty> \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration.ReplicationDestinationProperty; ReplicationDestinationProperty.builder() .region(java.lang.String) .registryId(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | region | java.lang.String | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | registryId | java.lang.String | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`region\`Required \`\`\`java public java.lang.String getRegion(); \`\`\` - *Type:* java.lang.String \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`registryId\`Required \`\`\`java public java.lang.String getRegistryId(); \`\`\` - *Type:* java.lang.String \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.CfnReplicationConfiguration.ReplicationRuleProperty; ReplicationRuleProperty.builder() .destinations(IResolvable) .destinations(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | destinations | software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationDestinationProperty> | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`destinations\`Required \`\`\`java public java.lang.Object getDestinations(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.ListReplicationDestinationProperty> \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryAttributes; RepositoryAttributes.builder() .repositoryArn(java.lang.String) .repositoryName(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryArn | java.lang.String | *No description.* | | repositoryName | java.lang.String | *No description.* | --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String --- ### RepositoryProps #### Initializer \`\`\`java import software.amazon.awscdk.services.ecr.RepositoryProps; RepositoryProps.builder() // .imageScanOnPush(java.lang.Boolean) // .imageTagMutability(TagMutability) // .lifecycleRegistryId(java.lang.String) // .lifecycleRules(java.util.List) // .removalPolicy(RemovalPolicy) // .repositoryName(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | imageScanOnPush | java.lang.Boolean | Enable the scan on push when creating the repository. | | imageTagMutability | TagMutability | The tag mutability setting for the repository. | | lifecycleRegistryId | java.lang.String | The AWS account ID associated with the registry that contains the repository. | | lifecycleRules | java.util.List<LifecycleRule> | Life cycle rules to apply to this registry. | | removalPolicy | software.amazon.awscdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repositoryName | java.lang.String | Name for this repository. | --- ##### \`imageScanOnPush\`Optional \`\`\`java public java.lang.Boolean getImageScanOnPush(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Enable the scan on push when creating the repository. --- ##### \`imageTagMutability\`Optional \`\`\`java public TagMutability getImageTagMutability(); \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycleRegistryId\`Optional \`\`\`java public java.lang.String getLifecycleRegistryId(); \`\`\` - *Type:* java.lang.String - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycleRules\`Optional \`\`\`java public java.util.List getLifecycleRules(); \`\`\` - *Type:* java.util.List<LifecycleRule> - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removalPolicy\`Optional \`\`\`java public RemovalPolicy getRemovalPolicy(); \`\`\` - *Type:* software.amazon.awscdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repositoryName\`Optional \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`java import software.amazon.awscdk.services.ecr.AuthorizationToken; AuthorizationToken.grantRead(IGrantable grantee) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`java import software.amazon.awscdk.services.ecr.PublicGalleryAuthorizationToken; PublicGalleryAuthorizationToken.grantRead(IGrantable grantee) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ## Protocols ### IRepository - *Extends:* software.amazon.awscdk.core.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to pull images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | repositoryUriForDigest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`addToResourcePolicy\` \`\`\`java public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement) \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- ##### \`grant\` \`\`\`java public Grant grant(IGrantable grantee, java.lang.String actions) \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ###### \`actions\`Required - *Type:* java.lang.String --- ##### \`grantPull\` \`\`\`java public Grant grantPull(IGrantable grantee) \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`grantPullPush\` \`\`\`java public Grant grantPullPush(IGrantable grantee) \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* software.amazon.awscdk.services.iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`java public Rule onCloudTrailEvent(java.lang.String id) public Rule onCloudTrailEvent(java.lang.String id, OnEventOptions options) \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`java public Rule onCloudTrailImagePushed(java.lang.String id) public Rule onCloudTrailImagePushed(java.lang.String id, OnCloudTrailImagePushedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`java public Rule onEvent(java.lang.String id) public Rule onEvent(java.lang.String id, OnEventOptions options) \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.services.events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`java public Rule onImageScanCompleted(java.lang.String id) public Rule onImageScanCompleted(java.lang.String id, OnImageScanCompletedOptions options) \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`id\`Required - *Type:* java.lang.String The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`java public java.lang.String repositoryUriForDigest() public java.lang.String repositoryUriForDigest(java.lang.String digest) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* java.lang.String Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`repositoryUriForTag\` \`\`\`java public java.lang.String repositoryUriForTag() public java.lang.String repositoryUriForTag(java.lang.String tag) \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* java.lang.String Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node for this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | repositoryArn | java.lang.String | The ARN of the repository. | | repositoryName | java.lang.String | The name of the repository. | | repositoryUri | java.lang.String | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`java public java.lang.String getRepositoryArn(); \`\`\` - *Type:* java.lang.String The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`java public java.lang.String getRepositoryName(); \`\`\` - *Type:* java.lang.String The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`java public java.lang.String getRepositoryUri(); \`\`\` - *Type:* java.lang.String The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`java snapshot - submodules 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.AwsAuth; AwsAuth.Builder.create(Construct scope, java.lang.String id) .cluster(Cluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`cluster\`Required - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | addAccount | Additional AWS account to add to the aws-auth configmap. | | addMastersRole | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | addRoleMapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | addUserMapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`addAccount\` \`\`\`java public void addAccount(java.lang.String accountId) \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`accountId\`Required - *Type:* java.lang.String account number. --- ##### \`addMastersRole\` \`\`\`java public void addMastersRole(IRole role) public void addMastersRole(IRole role, java.lang.String username) \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`role\`Required - *Type:* software.amazon.awscdk.services.iam.IRole The IAM role to add. --- ###### \`username\`Optional - *Type:* java.lang.String Optional user (defaults to the role ARN). --- ##### \`addRoleMapping\` \`\`\`java public void addRoleMapping(IRole role, AwsAuthMapping mapping) \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`role\`Required - *Type:* software.amazon.awscdk.services.iam.IRole The IAM role to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- ##### \`addUserMapping\` \`\`\`java public void addUserMapping(IUser user, AwsAuthMapping mapping) \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`user\`Required - *Type:* software.amazon.awscdk.services.iam.IUser The IAM user to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.AwsAuth; AwsAuth.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ### CfnAddon - *Implements:* software.amazon.awscdk.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.Builder.create(Construct scope, java.lang.String id) .addonName(java.lang.String) .clusterName(java.lang.String) // .addonVersion(java.lang.String) // .resolveConflicts(java.lang.String) // .serviceAccountRoleArn(java.lang.String) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | addonName | java.lang.String | \`AWS::EKS::Addon.AddonName\`. | | clusterName | java.lang.String | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | java.lang.String | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | java.lang.String | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | java.lang.String | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | tags | java.util.List | \`AWS::EKS::Addon.Tags\`. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`addonName\`Required - *Type:* java.lang.String \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required - *Type:* java.lang.String \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional - *Type:* java.lang.String \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional - *Type:* java.lang.String \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional - *Type:* java.lang.String \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | tags | software.amazon.awscdk.TagManager | \`AWS::EKS::Addon.Tags\`. | | addonName | java.lang.String | \`AWS::EKS::Addon.AddonName\`. | | clusterName | java.lang.String | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | java.lang.String | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | java.lang.String | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | java.lang.String | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`addonName\`Required \`\`\`java public java.lang.String getAddonName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional \`\`\`java public java.lang.String getAddonVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional \`\`\`java public java.lang.String getResolveConflicts(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional \`\`\`java public java.lang.String getServiceAccountRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* software.amazon.awscdk.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.Builder.create(Construct scope, java.lang.String id) .resourcesVpcConfig(ResourcesVpcConfigProperty) .resourcesVpcConfig(IResolvable) .roleArn(java.lang.String) // .encryptionConfig(IResolvable) // .encryptionConfig(java.util.List) // .kubernetesNetworkConfig(KubernetesNetworkConfigProperty) // .kubernetesNetworkConfig(IResolvable) // .name(java.lang.String) // .version(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | resourcesVpcConfig | ResourcesVpcConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | java.lang.String | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | software.amazon.awscdk.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | java.lang.String | \`AWS::EKS::Cluster.Name\`. | | version | java.lang.String | \`AWS::EKS::Cluster.Version\`. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`resourcesVpcConfig\`Required - *Type:* ResourcesVpcConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required - *Type:* java.lang.String \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional - *Type:* KubernetesNetworkConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional - *Type:* java.lang.String \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional - *Type:* java.lang.String \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | attrCertificateAuthorityData | java.lang.String | *No description.* | | attrClusterSecurityGroupId | java.lang.String | *No description.* | | attrEncryptionConfigKeyArn | java.lang.String | *No description.* | | attrEndpoint | java.lang.String | *No description.* | | attrOpenIdConnectIssuerUrl | java.lang.String | *No description.* | | resourcesVpcConfig | ResourcesVpcConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | java.lang.String | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | software.amazon.awscdk.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | java.lang.String | \`AWS::EKS::Cluster.Name\`. | | version | java.lang.String | \`AWS::EKS::Cluster.Version\`. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrCertificateAuthorityData\`Required \`\`\`java public java.lang.String getAttrCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String --- ##### \`attrClusterSecurityGroupId\`Required \`\`\`java public java.lang.String getAttrClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String --- ##### \`attrEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getAttrEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrEndpoint\`Required \`\`\`java public java.lang.String getAttrEndpoint(); \`\`\` - *Type:* java.lang.String --- ##### \`attrOpenIdConnectIssuerUrl\`Required \`\`\`java public java.lang.String getAttrOpenIdConnectIssuerUrl(); \`\`\` - *Type:* java.lang.String --- ##### \`resourcesVpcConfig\`Required \`\`\`java public java.lang.Object getResourcesVpcConfig(); \`\`\` - *Type:* ResourcesVpcConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required \`\`\`java public java.lang.String getRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional \`\`\`java public java.lang.Object getEncryptionConfig(); \`\`\` - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional \`\`\`java public java.lang.Object getKubernetesNetworkConfig(); \`\`\` - *Type:* KubernetesNetworkConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* software.amazon.awscdk.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.Builder.create(Construct scope, java.lang.String id) .clusterName(java.lang.String) .podExecutionRoleArn(java.lang.String) .selectors(IResolvable) .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .subnets(java.util.List) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | clusterName | java.lang.String | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | java.lang.String | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | software.amazon.awscdk.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | java.lang.String | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | java.util.List | \`AWS::EKS::FargateProfile.Subnets\`. | | tags | java.util.List | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`clusterName\`Required - *Type:* java.lang.String \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required - *Type:* java.lang.String \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional - *Type:* java.lang.String \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional - *Type:* java.util.List \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | tags | software.amazon.awscdk.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | clusterName | java.lang.String | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | java.lang.String | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | software.amazon.awscdk.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | java.lang.String | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | java.util.List | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required \`\`\`java public java.lang.String getPodExecutionRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`java public java.lang.Object getSelectors(); \`\`\` - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* software.amazon.awscdk.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.Builder.create(Construct scope, java.lang.String id) .clusterName(java.lang.String) .nodeRole(java.lang.String) .subnets(java.util.List) // .amiType(java.lang.String) // .capacityType(java.lang.String) // .diskSize(java.lang.Number) // .forceUpdateEnabled(java.lang.Boolean) // .forceUpdateEnabled(IResolvable) // .instanceTypes(java.util.List) // .labels(java.lang.Object) // .launchTemplate(LaunchTemplateSpecificationProperty) // .launchTemplate(IResolvable) // .nodegroupName(java.lang.String) // .releaseVersion(java.lang.String) // .remoteAccess(RemoteAccessProperty) // .remoteAccess(IResolvable) // .scalingConfig(ScalingConfigProperty) // .scalingConfig(IResolvable) // .tags(java.lang.Object) // .taints(IResolvable) // .taints(java.util.List) // .version(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | clusterName | java.lang.String | \`AWS::EKS::Nodegroup.ClusterName\`. | | nodeRole | java.lang.String | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | java.util.List | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | java.lang.String | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | java.lang.String | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | java.lang.Number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | java.lang.Boolean OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | java.util.List | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | labels | java.lang.Object | \`AWS::EKS::Nodegroup.Labels\`. | | launchTemplate | LaunchTemplateSpecificationProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | java.lang.String | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | java.lang.String | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | tags | java.lang.Object | \`AWS::EKS::Nodegroup.Tags\`. | | taints | software.amazon.awscdk.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::Nodegroup.Taints\`. | | version | java.lang.String | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`clusterName\`Required - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`nodeRole\`Required - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required - *Type:* java.util.List \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional - *Type:* java.lang.Number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional - *Type:* java.lang.Boolean OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional - *Type:* java.util.List \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`launchTemplate\`Optional - *Type:* LaunchTemplateSpecificationProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional - *Type:* RemoteAccessProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional - *Type:* ScalingConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`tags\`Optional - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`taints\`Optional - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | attrClusterName | java.lang.String | *No description.* | | attrNodegroupName | java.lang.String | *No description.* | | tags | software.amazon.awscdk.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | clusterName | java.lang.String | \`AWS::EKS::Nodegroup.ClusterName\`. | | labels | java.lang.Object | \`AWS::EKS::Nodegroup.Labels\`. | | nodeRole | java.lang.String | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | java.util.List | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | java.lang.String | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | java.lang.String | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | java.lang.Number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | java.lang.Boolean OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | java.util.List | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | launchTemplate | LaunchTemplateSpecificationProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | java.lang.String | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | java.lang.String | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | taints | software.amazon.awscdk.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::Nodegroup.Taints\`. | | version | java.lang.String | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrClusterName\`Required \`\`\`java public java.lang.String getAttrClusterName(); \`\`\` - *Type:* java.lang.String --- ##### \`attrNodegroupName\`Required \`\`\`java public java.lang.String getAttrNodegroupName(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`labels\`Required \`\`\`java public java.lang.Object getLabels(); \`\`\` - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`nodeRole\`Required \`\`\`java public java.lang.String getNodeRole(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional \`\`\`java public java.lang.String getAmiType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional \`\`\`java public java.lang.String getCapacityType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional \`\`\`java public java.lang.Object getForceUpdateEnabled(); \`\`\` - *Type:* java.lang.Boolean OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`launchTemplate\`Optional \`\`\`java public java.lang.Object getLaunchTemplate(); \`\`\` - *Type:* LaunchTemplateSpecificationProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional \`\`\`java public java.lang.Object getRemoteAccess(); \`\`\` - *Type:* RemoteAccessProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional \`\`\`java public java.lang.Object getScalingConfig(); \`\`\` - *Type:* ScalingConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`taints\`Optional \`\`\`java public java.lang.Object getTaints(); \`\`\` - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.Builder.create(Construct scope, java.lang.String id) .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultCapacity(java.lang.Number) // .defaultCapacityInstance(InstanceType) // .defaultCapacityType(DefaultCapacityType) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | a Construct, most likely a cdk.Stack created. | | id | java.lang.String | the id of the Construct to create. | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultCapacity | java.lang.Number | Number of instances to allocate as an initial capacity for this cluster. | | defaultCapacityInstance | software.amazon.awscdk.services.ec2.InstanceType | The instance type to use for the default capacity. | | defaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct a Construct, most likely a cdk.Stack created. --- ##### \`id\`Required - *Type:* java.lang.String the id of the Construct to create. --- ##### \`version\`Required - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional - *Type:* software.amazon.awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultCapacity\`Optional - *Type:* java.lang.Number - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`defaultCapacityInstance\`Optional - *Type:* software.amazon.awscdk.services.ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`defaultCapacityType\`Optional - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addFargateProfile | Adds a Fargate profile to this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | connectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | getServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.RemovalPolicy --- ##### \`addAutoScalingGroupCapacity\` \`\`\`java public AutoScalingGroup addAutoScalingGroupCapacity(java.lang.String id, AutoScalingGroupCapacityOptions options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`addCdk8sChart\` \`\`\`java public KubernetesManifest addCdk8sChart(java.lang.String id, Construct chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`chart\`Required - *Type:* software.constructs.Construct the cdk8s chart. --- ##### \`addFargateProfile\` \`\`\`java public FargateProfile addFargateProfile(java.lang.String id, FargateProfileOptions options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* java.lang.String the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`addHelmChart\` \`\`\`java public HelmChart addHelmChart(java.lang.String id, HelmChartOptions options) \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`java public KubernetesManifest addManifest(java.lang.String id, java.util.Map manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* java.lang.String logical id of this manifest. --- ###### \`manifest\`Required - *Type:* java.util.Map a list of Kubernetes resource specifications. --- ##### \`addNodegroupCapacity\` \`\`\`java public Nodegroup addNodegroupCapacity(java.lang.String id) public Nodegroup addNodegroupCapacity(java.lang.String id, NodegroupOptions options) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* java.lang.String The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`addServiceAccount\` \`\`\`java public ServiceAccount addServiceAccount(java.lang.String id) public ServiceAccount addServiceAccount(java.lang.String id, ServiceAccountOptions options) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`connectAutoScalingGroupCapacity\` \`\`\`java public void connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`getServiceLoadBalancerAddress\` \`\`\`java public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName) public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName, ServiceLoadBalancerAddressOptions options) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* java.lang.String The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromClusterAttributes | Import an existing cluster. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- ##### \`fromClusterAttributes\` \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.fromClusterAttributes(Construct scope, java.lang.String id, ClusterAttributes attrs) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* software.constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* java.lang.String the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | env | software.amazon.awscdk.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.Stack | The stack in which this resource is defined. | | adminRole | software.amazon.awscdk.services.iam.Role | An IAM role with administrative permissions to create or update the cluster. | | awsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | clusterArn | java.lang.String | The AWS generated ARN for the Cluster resource. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The endpoint URL for the Cluster. | | clusterName | java.lang.String | The Name of the created EKS Cluster. | | clusterOpenIdConnectIssuer | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | clusterOpenIdConnectIssuerUrl | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | clusterSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | java.lang.String | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | software.amazon.awscdk.services.ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | java.lang.Boolean | Determines if Kubernetes resources can be pruned automatically. | | role | software.amazon.awscdk.services.iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | | defaultCapacity | software.amazon.awscdk.services.autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | defaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectlEnvironment | java.util.Map | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectlPrivateSubnets | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | software.amazon.awscdk.services.iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this resource is defined. --- ##### \`adminRole\`Required \`\`\`java public Role getAdminRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`awsAuth\`Required \`\`\`java public AwsAuth getAwsAuth(); \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`clusterArn\`Required \`\`\`java public java.lang.String getClusterArn(); \`\`\` - *Type:* java.lang.String The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`clusterCertificateAuthorityData\`Required \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The Name of the created EKS Cluster. --- ##### \`clusterOpenIdConnectIssuer\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuer(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterOpenIdConnectIssuerUrl\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuerUrl(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterSecurityGroup\`Required \`\`\`java public ISecurityGroup getClusterSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`java public Connections getConnections(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc The VPC in which this Cluster was created. --- ##### \`defaultCapacity\`Optional \`\`\`java public AutoScalingGroup getDefaultCapacity(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`defaultNodegroup\`Optional \`\`\`java public Nodegroup getDefaultNodegroup(); \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnets(); \`\`\` - *Type:* java.util.List - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectlRole\`Optional \`\`\`java public IRole getKubectlRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`java public ISecurityGroup getKubectlSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.Builder.create(Construct scope, java.lang.String id) .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultProfile(FargateProfileOptions) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`version\`Required - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional - *Type:* software.amazon.awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultProfile\`Optional - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addFargateProfile | Adds a Fargate profile to this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | connectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | getServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.RemovalPolicy --- ##### \`addAutoScalingGroupCapacity\` \`\`\`java public AutoScalingGroup addAutoScalingGroupCapacity(java.lang.String id, AutoScalingGroupCapacityOptions options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`addCdk8sChart\` \`\`\`java public KubernetesManifest addCdk8sChart(java.lang.String id, Construct chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`chart\`Required - *Type:* software.constructs.Construct the cdk8s chart. --- ##### \`addFargateProfile\` \`\`\`java public FargateProfile addFargateProfile(java.lang.String id, FargateProfileOptions options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* java.lang.String the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`addHelmChart\` \`\`\`java public HelmChart addHelmChart(java.lang.String id, HelmChartOptions options) \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`java public KubernetesManifest addManifest(java.lang.String id, java.util.Map manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* java.lang.String logical id of this manifest. --- ###### \`manifest\`Required - *Type:* java.util.Map a list of Kubernetes resource specifications. --- ##### \`addNodegroupCapacity\` \`\`\`java public Nodegroup addNodegroupCapacity(java.lang.String id) public Nodegroup addNodegroupCapacity(java.lang.String id, NodegroupOptions options) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* java.lang.String The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`addServiceAccount\` \`\`\`java public ServiceAccount addServiceAccount(java.lang.String id) public ServiceAccount addServiceAccount(java.lang.String id, ServiceAccountOptions options) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`connectAutoScalingGroupCapacity\` \`\`\`java public void connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`getServiceLoadBalancerAddress\` \`\`\`java public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName) public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName, ServiceLoadBalancerAddressOptions options) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* java.lang.String The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromClusterAttributes | Import an existing cluster. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- ##### \`fromClusterAttributes\` \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.fromClusterAttributes(Construct scope, java.lang.String id, ClusterAttributes attrs) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* software.constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* java.lang.String the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | env | software.amazon.awscdk.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.Stack | The stack in which this resource is defined. | | adminRole | software.amazon.awscdk.services.iam.Role | An IAM role with administrative permissions to create or update the cluster. | | awsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | clusterArn | java.lang.String | The AWS generated ARN for the Cluster resource. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The endpoint URL for the Cluster. | | clusterName | java.lang.String | The Name of the created EKS Cluster. | | clusterOpenIdConnectIssuer | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | clusterOpenIdConnectIssuerUrl | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | clusterSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | java.lang.String | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | software.amazon.awscdk.services.ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | java.lang.Boolean | Determines if Kubernetes resources can be pruned automatically. | | role | software.amazon.awscdk.services.iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | | defaultCapacity | software.amazon.awscdk.services.autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | defaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectlEnvironment | java.util.Map | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectlPrivateSubnets | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | software.amazon.awscdk.services.iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this resource is defined. --- ##### \`adminRole\`Required \`\`\`java public Role getAdminRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`awsAuth\`Required \`\`\`java public AwsAuth getAwsAuth(); \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`clusterArn\`Required \`\`\`java public java.lang.String getClusterArn(); \`\`\` - *Type:* java.lang.String The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`clusterCertificateAuthorityData\`Required \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The Name of the created EKS Cluster. --- ##### \`clusterOpenIdConnectIssuer\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuer(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterOpenIdConnectIssuerUrl\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuerUrl(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterSecurityGroup\`Required \`\`\`java public ISecurityGroup getClusterSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`java public Connections getConnections(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc The VPC in which this Cluster was created. --- ##### \`defaultCapacity\`Optional \`\`\`java public AutoScalingGroup getDefaultCapacity(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`defaultNodegroup\`Optional \`\`\`java public Nodegroup getDefaultNodegroup(); \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnets(); \`\`\` - *Type:* java.util.List - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectlRole\`Optional \`\`\`java public IRole getKubectlRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`java public ISecurityGroup getKubectlSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* software.amazon.awscdk.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.FargateProfile; FargateProfile.Builder.create(Construct scope, java.lang.String id) .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .podExecutionRole(IRole) // .subnetSelection(SubnetSelection) // .vpc(IVpc) .cluster(Cluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | selectors | java.util.List<Selector> | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | software.amazon.awscdk.services.ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`selectors\`Required - *Type:* java.util.List<Selector> The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional - *Type:* java.lang.String - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`cluster\`Required - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.FargateProfile; FargateProfile.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | fargateProfileArn | java.lang.String | The full Amazon Resource Name (ARN) of the Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | tags | software.amazon.awscdk.TagManager | Resource tags. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`fargateProfileArn\`Required \`\`\`java public java.lang.String getFargateProfileArn(); \`\`\` - *Type:* java.lang.String The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`fargateProfileName\`Required \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String The name of the Fargate profile. --- ##### \`podExecutionRole\`Required \`\`\`java public IRole getPodExecutionRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.HelmChart; HelmChart.Builder.create(Construct scope, java.lang.String id) .chart(java.lang.String) // .createNamespace(java.lang.Boolean) // .namespace(java.lang.String) // .release(java.lang.String) // .repository(java.lang.String) // .timeout(Duration) // .values(java.util.Map) // .version(java.lang.String) // .wait(java.lang.Boolean) .cluster(ICluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | chart | java.lang.String | The name of the chart. | | createNamespace | java.lang.Boolean | create namespace if not exist. | | namespace | java.lang.String | The Kubernetes namespace scope of the requests. | | release | java.lang.String | The name of the release. | | repository | java.lang.String | The repository which contains the chart. | | timeout | software.amazon.awscdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | java.util.Map | The values to be used by the chart. | | version | java.lang.String | The chart version to install. | | wait | java.lang.Boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`chart\`Required - *Type:* java.lang.String The name of the chart. --- ##### \`createNamespace\`Optional - *Type:* java.lang.Boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional - *Type:* java.lang.String - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional - *Type:* java.lang.String - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional - *Type:* java.lang.String - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional - *Type:* software.amazon.awscdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional - *Type:* java.util.Map - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional - *Type:* java.lang.String - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional - *Type:* java.lang.Boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.HelmChart; HelmChart.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | java.lang.String | The CloudFormation resource type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`java public java.lang.String getResourceType(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifest; KubernetesManifest.Builder.create(Construct scope, java.lang.String id) // .prune(java.lang.Boolean) // .skipValidation(java.lang.Boolean) .cluster(ICluster) .manifest(java.util.List>) // .overwrite(java.lang.Boolean) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | prune | java.lang.Boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | java.lang.Boolean | A flag to signify if the manifest validation should be skipped. | | cluster | ICluster | The EKS cluster to apply this manifest to. | | manifest | java.util.List> | The manifest to apply. | | overwrite | java.lang.Boolean | Overwrite any existing resources. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`prune\`Optional - *Type:* java.lang.Boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional - *Type:* java.lang.Boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`manifest\`Required - *Type:* java.util.List> The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`java List.of(Map.of( "apiVersion", "v1", "kind", "Pod", "metadata", Map.of("name", "mypod"), "spec", Map.of( "containers", List.of(Map.of("name", "hello", "image", "paulbouwer/hello-kubernetes:1.5", "ports", List.of(Map.of("containerPort", 8080))))))); \`\`\` ##### \`overwrite\`Optional - *Type:* java.lang.Boolean - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifest; KubernetesManifest.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | java.lang.String | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`java public java.lang.String getResourceType(); \`\`\` - *Type:* java.lang.String The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.KubernetesObjectValue; KubernetesObjectValue.Builder.create(Construct scope, java.lang.String id) .cluster(ICluster) .jsonPath(java.lang.String) .objectName(java.lang.String) .objectType(java.lang.String) // .objectNamespace(java.lang.String) // .timeout(Duration) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | cluster | ICluster | The EKS cluster to fetch attributes from. | | jsonPath | java.lang.String | JSONPath to the specific value. | | objectName | java.lang.String | The name of the object to query. | | objectType | java.lang.String | The object type to query. | | objectNamespace | java.lang.String | The namespace the object belongs to. | | timeout | software.amazon.awscdk.Duration | Timeout for waiting on a value. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`jsonPath\`Required - *Type:* java.lang.String JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`objectName\`Required - *Type:* java.lang.String The name of the object to query. --- ##### \`objectType\`Required - *Type:* java.lang.String The object type to query. (e.g 'service', 'pod'...) --- ##### \`objectNamespace\`Optional - *Type:* java.lang.String - *Default:* 'default' The namespace the object belongs to. --- ##### \`timeout\`Optional - *Type:* software.amazon.awscdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.KubernetesObjectValue; KubernetesObjectValue.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | value | java.lang.String | The value as a string token. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`value\`Required \`\`\`java public java.lang.String getValue(); \`\`\` - *Type:* java.lang.String The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | java.lang.String | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`java public java.lang.String getResourceType(); \`\`\` - *Type:* java.lang.String The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.KubernetesPatch; KubernetesPatch.Builder.create(Construct scope, java.lang.String id) .applyPatch(java.util.Map) .cluster(ICluster) .resourceName(java.lang.String) .restorePatch(java.util.Map) // .patchType(PatchType) // .resourceNamespace(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | applyPatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | cluster | ICluster | The cluster to apply the patch to. | | resourceName | java.lang.String | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | restorePatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | patchType | PatchType | The patch type to pass to \`kubectl patch\`. | | resourceNamespace | java.lang.String | The kubernetes API namespace. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`applyPatch\`Required - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`cluster\`Required - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`resourceName\`Required - *Type:* java.lang.String The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`restorePatch\`Required - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`patchType\`Optional - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`resourceNamespace\`Optional - *Type:* java.lang.String - *Default:* "default" The kubernetes API namespace. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.KubernetesPatch; KubernetesPatch.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.Builder.create(Construct scope, java.lang.String id) // .amiType(NodegroupAmiType) // .capacityType(CapacityType) // .desiredSize(java.lang.Number) // .diskSize(java.lang.Number) // .forceUpdate(java.lang.Boolean) // .instanceTypes(java.util.List) // .labels(java.util.Map) // .launchTemplateSpec(LaunchTemplateSpec) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) // .nodegroupName(java.lang.String) // .nodeRole(IRole) // .releaseVersion(java.lang.String) // .remoteAccess(NodegroupRemoteAccess) // .subnets(SubnetSelection) // .tags(java.util.Map) .cluster(ICluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | java.lang.Number | The current number of worker nodes that the managed node group should maintain. | | diskSize | java.lang.Number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | java.lang.Boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceTypes | java.util.List | The instance types to use for your node group. | | labels | java.util.Map | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | java.lang.Number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | java.lang.Number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | java.lang.String | Name of the Nodegroup. | | nodeRole | software.amazon.awscdk.services.iam.IRole | The IAM role to associate with your node group. | | releaseVersion | java.lang.String | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | software.amazon.awscdk.services.ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | java.util.Map | The metadata to apply to the node group to assist with categorization and organization. | | cluster | ICluster | Cluster resource. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`amiType\`Optional - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional - *Type:* java.lang.Number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional - *Type:* java.lang.Number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional - *Type:* java.lang.Boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instanceTypes\`Optional - *Type:* java.util.List - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional - *Type:* java.util.Map - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional - *Type:* java.lang.Number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional - *Type:* java.lang.Number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional - *Type:* java.lang.String - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional - *Type:* java.lang.String - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional - *Type:* java.util.Map - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`cluster\`Required - *Type:* ICluster Cluster resource. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromNodegroupName | Import the Nodegroup from attributes. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- ##### \`fromNodegroupName\` \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.fromNodegroupName(Construct scope, java.lang.String id, java.lang.String nodegroupName) \`\`\` Import the Nodegroup from attributes. ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`nodegroupName\`Required - *Type:* java.lang.String --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | env | software.amazon.awscdk.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.Stack | The stack in which this resource is defined. | | cluster | ICluster | the Amazon EKS cluster resource. | | nodegroupArn | java.lang.String | ARN of the nodegroup. | | nodegroupName | java.lang.String | Nodegroup name. | | role | software.amazon.awscdk.services.iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this resource is defined. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`nodegroupArn\`Required \`\`\`java public java.lang.String getNodegroupArn(); \`\`\` - *Type:* java.lang.String ARN of the nodegroup. --- ##### \`nodegroupName\`Required \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String Nodegroup name. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.Builder.create(Construct scope, java.lang.String id) .url(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | The definition scope. | | id | java.lang.String | Construct ID. | | url | java.lang.String | The URL of the identity provider. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct The definition scope. --- ##### \`id\`Required - *Type:* java.lang.String Construct ID. --- ##### \`url\`Required - *Type:* java.lang.String The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromOpenIdConnectProviderArn | Imports an Open ID connect provider from an ARN. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- ##### \`fromOpenIdConnectProviderArn\` \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.fromOpenIdConnectProviderArn(Construct scope, java.lang.String id, java.lang.String openIdConnectProviderArn) \`\`\` Imports an Open ID connect provider from an ARN. ###### \`scope\`Required - *Type:* software.constructs.Construct The definition scope. --- ###### \`id\`Required - *Type:* java.lang.String ID of the construct. --- ###### \`openIdConnectProviderArn\`Required - *Type:* java.lang.String the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | env | software.amazon.awscdk.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.Stack | The stack in which this resource is defined. | | openIdConnectProviderArn | java.lang.String | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | openIdConnectProviderIssuer | java.lang.String | The issuer for OIDC Provider. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this resource is defined. --- ##### \`openIdConnectProviderArn\`Required \`\`\`java public java.lang.String getOpenIdConnectProviderArn(); \`\`\` - *Type:* java.lang.String The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`openIdConnectProviderIssuer\`Required \`\`\`java public java.lang.String getOpenIdConnectProviderIssuer(); \`\`\` - *Type:* java.lang.String The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* software.amazon.awscdk.services.iam.IPrincipal Service Account. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccount; ServiceAccount.Builder.create(Construct scope, java.lang.String id) // .name(java.lang.String) // .namespace(java.lang.String) .cluster(ICluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | name | java.lang.String | The name of the service account. | | namespace | java.lang.String | The namespace of the service account. | | cluster | ICluster | The cluster to apply the patch to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`name\`Optional - *Type:* java.lang.String - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional - *Type:* java.lang.String - *Default:* "default" The namespace of the service account. --- ##### \`cluster\`Required - *Type:* ICluster The cluster to apply the patch to. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | addToPrincipalPolicy | Add to the policy of this principal. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`addToPrincipalPolicy\` \`\`\`java public AddToPrincipalPolicyResult addToPrincipalPolicy(PolicyStatement statement) \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccount; ServiceAccount.isConstruct(java.lang.Object x) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* java.lang.Object Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | assumeRoleAction | java.lang.String | When this Principal is used in an AssumeRole policy, the action to use. | | grantPrincipal | software.amazon.awscdk.services.iam.IPrincipal | The principal to grant permissions to. | | policyFragment | software.amazon.awscdk.services.iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | role | software.amazon.awscdk.services.iam.IRole | The role which is linked to the service account. | | serviceAccountName | java.lang.String | The name of the service account. | | serviceAccountNamespace | java.lang.String | The namespace where the service account is located in. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`assumeRoleAction\`Required \`\`\`java public java.lang.String getAssumeRoleAction(); \`\`\` - *Type:* java.lang.String When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`grantPrincipal\`Required \`\`\`java public IPrincipal getGrantPrincipal(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IPrincipal The principal to grant permissions to. --- ##### \`policyFragment\`Required \`\`\`java public PrincipalPolicyFragment getPolicyFragment(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole The role which is linked to the service account. --- ##### \`serviceAccountName\`Required \`\`\`java public java.lang.String getServiceAccountName(); \`\`\` - *Type:* java.lang.String The name of the service account. --- ##### \`serviceAccountNamespace\`Required \`\`\`java public java.lang.String getServiceAccountNamespace(); \`\`\` - *Type:* java.lang.String The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AutoScalingGroupCapacityOptions; AutoScalingGroupCapacityOptions.builder() // .allowAllOutbound(java.lang.Boolean) // .associatePublicIpAddress(java.lang.Boolean) // .autoScalingGroupName(java.lang.String) // .blockDevices(java.util.List) // .cooldown(Duration) // .desiredCapacity(java.lang.Number) // .groupMetrics(java.util.List) // .healthCheck(HealthCheck) // .ignoreUnmodifiedSizeProperties(java.lang.Boolean) // .instanceMonitoring(Monitoring) // .keyName(java.lang.String) // .maxCapacity(java.lang.Number) // .maxInstanceLifetime(Duration) // .minCapacity(java.lang.Number) // .newInstancesProtectedFromScaleIn(java.lang.Boolean) // .notifications(java.util.List) // .signals(Signals) // .spotPrice(java.lang.String) // .updatePolicy(UpdatePolicy) // .vpcSubnets(SubnetSelection) .instanceType(InstanceType) // .bootstrapEnabled(java.lang.Boolean) // .bootstrapOptions(BootstrapOptions) // .machineImageType(MachineImageType) // .mapRole(java.lang.Boolean) // .spotInterruptHandler(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | allowAllOutbound | java.lang.Boolean | Whether the instances can initiate connections to anywhere by default. | | associatePublicIpAddress | java.lang.Boolean | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | autoScalingGroupName | java.lang.String | The name of the Auto Scaling group. | | blockDevices | java.util.List | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | cooldown | software.amazon.awscdk.Duration | Default scaling cooldown for this AutoScalingGroup. | | desiredCapacity | java.lang.Number | Initial amount of instances in the fleet. | | groupMetrics | java.util.List | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | healthCheck | software.amazon.awscdk.services.autoscaling.HealthCheck | Configuration for health checks. | | ignoreUnmodifiedSizeProperties | java.lang.Boolean | If the ASG has scheduled actions, don't reset unchanged group sizes. | | instanceMonitoring | software.amazon.awscdk.services.autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | keyName | java.lang.String | Name of SSH keypair to grant access to instances. | | maxCapacity | java.lang.Number | Maximum number of instances in the fleet. | | maxInstanceLifetime | software.amazon.awscdk.Duration | The maximum amount of time that an instance can be in service. | | minCapacity | java.lang.Number | Minimum number of instances in the fleet. | | newInstancesProtectedFromScaleIn | java.lang.Boolean | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | notifications | java.util.List | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | signals | software.amazon.awscdk.services.autoscaling.Signals | Configure waiting for signals during deployment. | | spotPrice | java.lang.String | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | updatePolicy | software.amazon.awscdk.services.autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | vpcSubnets | software.amazon.awscdk.services.ec2.SubnetSelection | Where to place instances within the VPC. | | instanceType | software.amazon.awscdk.services.ec2.InstanceType | Instance type of the instances to start. | | bootstrapEnabled | java.lang.Boolean | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrapOptions | BootstrapOptions | EKS node bootstrapping options. | | machineImageType | MachineImageType | Machine image type. | | mapRole | java.lang.Boolean | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spotInterruptHandler | java.lang.Boolean | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`allowAllOutbound\`Optional \`\`\`java public java.lang.Boolean getAllowAllOutbound(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`associatePublicIpAddress\`Optional \`\`\`java public java.lang.Boolean getAssociatePublicIpAddress(); \`\`\` - *Type:* java.lang.Boolean - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`autoScalingGroupName\`Optional \`\`\`java public java.lang.String getAutoScalingGroupName(); \`\`\` - *Type:* java.lang.String - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`blockDevices\`Optional \`\`\`java public java.util.List getBlockDevices(); \`\`\` - *Type:* java.util.List - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`cooldown\`Optional \`\`\`java public Duration getCooldown(); \`\`\` - *Type:* software.amazon.awscdk.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`desiredCapacity\`Optional \`\`\`java public java.lang.Number getDesiredCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`groupMetrics\`Optional \`\`\`java public java.util.List getGroupMetrics(); \`\`\` - *Type:* java.util.List - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`healthCheck\`Optional \`\`\`java public HealthCheck getHealthCheck(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`ignoreUnmodifiedSizeProperties\`Optional \`\`\`java public java.lang.Boolean getIgnoreUnmodifiedSizeProperties(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`instanceMonitoring\`Optional \`\`\`java public Monitoring getInstanceMonitoring(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`keyName\`Optional \`\`\`java public java.lang.String getKeyName(); \`\`\` - *Type:* java.lang.String - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`maxCapacity\`Optional \`\`\`java public java.lang.Number getMaxCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`maxInstanceLifetime\`Optional \`\`\`java public Duration getMaxInstanceLifetime(); \`\`\` - *Type:* software.amazon.awscdk.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`minCapacity\`Optional \`\`\`java public java.lang.Number getMinCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`newInstancesProtectedFromScaleIn\`Optional \`\`\`java public java.lang.Boolean getNewInstancesProtectedFromScaleIn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`notifications\`Optional \`\`\`java public java.util.List getNotifications(); \`\`\` - *Type:* java.util.List - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### \`signals\`Optional \`\`\`java public Signals getSignals(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`spotPrice\`Optional \`\`\`java public java.lang.String getSpotPrice(); \`\`\` - *Type:* java.lang.String - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`updatePolicy\`Optional \`\`\`java public UpdatePolicy getUpdatePolicy(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`vpcSubnets\`Optional \`\`\`java public SubnetSelection getVpcSubnets(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`instanceType\`Required \`\`\`java public InstanceType getInstanceType(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.InstanceType Instance type of the instances to start. --- ##### \`bootstrapEnabled\`Optional \`\`\`java public java.lang.Boolean getBootstrapEnabled(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrapOptions\`Optional \`\`\`java public BootstrapOptions getBootstrapOptions(); \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`machineImageType\`Optional \`\`\`java public MachineImageType getMachineImageType(); \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`mapRole\`Optional \`\`\`java public java.lang.Boolean getMapRole(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spotInterruptHandler\`Optional \`\`\`java public java.lang.Boolean getSpotInterruptHandler(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AutoScalingGroupOptions; AutoScalingGroupOptions.builder() // .bootstrapEnabled(java.lang.Boolean) // .bootstrapOptions(BootstrapOptions) // .machineImageType(MachineImageType) // .mapRole(java.lang.Boolean) // .spotInterruptHandler(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | bootstrapEnabled | java.lang.Boolean | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrapOptions | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | machineImageType | MachineImageType | Allow options to specify different machine image type. | | mapRole | java.lang.Boolean | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spotInterruptHandler | java.lang.Boolean | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`bootstrapEnabled\`Optional \`\`\`java public java.lang.Boolean getBootstrapEnabled(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrapOptions\`Optional \`\`\`java public BootstrapOptions getBootstrapOptions(); \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`machineImageType\`Optional \`\`\`java public MachineImageType getMachineImageType(); \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`mapRole\`Optional \`\`\`java public java.lang.Boolean getMapRole(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spotInterruptHandler\`Optional \`\`\`java public java.lang.Boolean getSpotInterruptHandler(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AwsAuthMapping; AwsAuthMapping.builder() .groups(java.util.List) // .username(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | groups | java.util.List | A list of groups within Kubernetes to which the role is mapped. | | username | java.lang.String | The user name within Kubernetes to map to the IAM role. | --- ##### \`groups\`Required \`\`\`java public java.util.List getGroups(); \`\`\` - *Type:* java.util.List A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`username\`Optional \`\`\`java public java.lang.String getUsername(); \`\`\` - *Type:* java.lang.String - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AwsAuthProps; AwsAuthProps.builder() .cluster(Cluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`cluster\`Required \`\`\`java public Cluster getCluster(); \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.BootstrapOptions; BootstrapOptions.builder() // .additionalArgs(java.lang.String) // .awsApiRetryAttempts(java.lang.Number) // .dnsClusterIp(java.lang.String) // .dockerConfigJson(java.lang.String) // .enableDockerBridge(java.lang.Boolean) // .kubeletExtraArgs(java.lang.String) // .useMaxPods(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | additionalArgs | java.lang.String | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | awsApiRetryAttempts | java.lang.Number | Number of retry attempts for AWS API call (DescribeCluster). | | dnsClusterIp | java.lang.String | Overrides the IP address to use for DNS queries within the cluster. | | dockerConfigJson | java.lang.String | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | enableDockerBridge | java.lang.Boolean | Restores the docker default bridge network. | | kubeletExtraArgs | java.lang.String | Extra arguments to add to the kubelet. | | useMaxPods | java.lang.Boolean | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`additionalArgs\`Optional \`\`\`java public java.lang.String getAdditionalArgs(); \`\`\` - *Type:* java.lang.String - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`awsApiRetryAttempts\`Optional \`\`\`java public java.lang.Number getAwsApiRetryAttempts(); \`\`\` - *Type:* java.lang.Number - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`dnsClusterIp\`Optional \`\`\`java public java.lang.String getDnsClusterIp(); \`\`\` - *Type:* java.lang.String - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`dockerConfigJson\`Optional \`\`\`java public java.lang.String getDockerConfigJson(); \`\`\` - *Type:* java.lang.String - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`enableDockerBridge\`Optional \`\`\`java public java.lang.Boolean getEnableDockerBridge(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Restores the docker default bridge network. --- ##### \`kubeletExtraArgs\`Optional \`\`\`java public java.lang.String getKubeletExtraArgs(); \`\`\` - *Type:* java.lang.String - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. --node - labels;foo = bar , goo = far; \`\`\` ##### \`useMaxPods\`Optional \`\`\`java public java.lang.Boolean getUseMaxPods(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnAddonProps; CfnAddonProps.builder() .addonName(java.lang.String) .clusterName(java.lang.String) // .addonVersion(java.lang.String) // .resolveConflicts(java.lang.String) // .serviceAccountRoleArn(java.lang.String) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | addonName | java.lang.String | \`AWS::EKS::Addon.AddonName\`. | | clusterName | java.lang.String | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | java.lang.String | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | java.lang.String | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | java.lang.String | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | tags | java.util.List | \`AWS::EKS::Addon.Tags\`. | --- ##### \`addonName\`Required \`\`\`java public java.lang.String getAddonName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional \`\`\`java public java.lang.String getAddonVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional \`\`\`java public java.lang.String getResolveConflicts(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional \`\`\`java public java.lang.String getServiceAccountRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnClusterProps; CfnClusterProps.builder() .resourcesVpcConfig(ResourcesVpcConfigProperty) .resourcesVpcConfig(IResolvable) .roleArn(java.lang.String) // .encryptionConfig(IResolvable) // .encryptionConfig(java.util.List) // .kubernetesNetworkConfig(KubernetesNetworkConfigProperty) // .kubernetesNetworkConfig(IResolvable) // .name(java.lang.String) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | resourcesVpcConfig | ResourcesVpcConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | java.lang.String | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | software.amazon.awscdk.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | java.lang.String | \`AWS::EKS::Cluster.Name\`. | | version | java.lang.String | \`AWS::EKS::Cluster.Version\`. | --- ##### \`resourcesVpcConfig\`Required \`\`\`java public java.lang.Object getResourcesVpcConfig(); \`\`\` - *Type:* ResourcesVpcConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required \`\`\`java public java.lang.String getRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional \`\`\`java public java.lang.Object getEncryptionConfig(); \`\`\` - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional \`\`\`java public java.lang.Object getKubernetesNetworkConfig(); \`\`\` - *Type:* KubernetesNetworkConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfileProps; CfnFargateProfileProps.builder() .clusterName(java.lang.String) .podExecutionRoleArn(java.lang.String) .selectors(IResolvable) .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .subnets(java.util.List) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | java.lang.String | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | java.lang.String | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | software.amazon.awscdk.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | java.lang.String | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | java.util.List | \`AWS::EKS::FargateProfile.Subnets\`. | | tags | java.util.List | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required \`\`\`java public java.lang.String getPodExecutionRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`java public java.lang.Object getSelectors(); \`\`\` - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroupProps; CfnNodegroupProps.builder() .clusterName(java.lang.String) .nodeRole(java.lang.String) .subnets(java.util.List) // .amiType(java.lang.String) // .capacityType(java.lang.String) // .diskSize(java.lang.Number) // .forceUpdateEnabled(java.lang.Boolean) // .forceUpdateEnabled(IResolvable) // .instanceTypes(java.util.List) // .labels(java.lang.Object) // .launchTemplate(LaunchTemplateSpecificationProperty) // .launchTemplate(IResolvable) // .nodegroupName(java.lang.String) // .releaseVersion(java.lang.String) // .remoteAccess(RemoteAccessProperty) // .remoteAccess(IResolvable) // .scalingConfig(ScalingConfigProperty) // .scalingConfig(IResolvable) // .tags(java.lang.Object) // .taints(IResolvable) // .taints(java.util.List) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | java.lang.String | \`AWS::EKS::Nodegroup.ClusterName\`. | | nodeRole | java.lang.String | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | java.util.List | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | java.lang.String | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | java.lang.String | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | java.lang.Number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | java.lang.Boolean OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | java.util.List | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | labels | java.lang.Object | \`AWS::EKS::Nodegroup.Labels\`. | | launchTemplate | LaunchTemplateSpecificationProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | java.lang.String | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | java.lang.String | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty OR software.amazon.awscdk.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | tags | java.lang.Object | \`AWS::EKS::Nodegroup.Tags\`. | | taints | software.amazon.awscdk.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.IResolvable> | \`AWS::EKS::Nodegroup.Taints\`. | | version | java.lang.String | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`nodeRole\`Required \`\`\`java public java.lang.String getNodeRole(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional \`\`\`java public java.lang.String getAmiType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional \`\`\`java public java.lang.String getCapacityType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional \`\`\`java public java.lang.Object getForceUpdateEnabled(); \`\`\` - *Type:* java.lang.Boolean OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`java public java.lang.Object getLabels(); \`\`\` - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`launchTemplate\`Optional \`\`\`java public java.lang.Object getLaunchTemplate(); \`\`\` - *Type:* LaunchTemplateSpecificationProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional \`\`\`java public java.lang.Object getRemoteAccess(); \`\`\` - *Type:* RemoteAccessProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional \`\`\`java public java.lang.Object getScalingConfig(); \`\`\` - *Type:* ScalingConfigProperty OR software.amazon.awscdk.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`tags\`Optional \`\`\`java public java.lang.Object getTags(); \`\`\` - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`taints\`Optional \`\`\`java public java.lang.Object getTaints(); \`\`\` - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.IResolvable> \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ClusterAttributes; ClusterAttributes.builder() .clusterName(java.lang.String) // .clusterCertificateAuthorityData(java.lang.String) // .clusterEncryptionConfigKeyArn(java.lang.String) // .clusterEndpoint(java.lang.String) // .clusterSecurityGroupId(java.lang.String) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .kubectlPrivateSubnetIds(java.util.List) // .kubectlRoleArn(java.lang.String) // .kubectlSecurityGroupId(java.lang.String) // .openIdConnectProvider(IOpenIdConnectProvider) // .prune(java.lang.Boolean) // .securityGroupIds(java.util.List) // .vpc(IVpc) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | java.lang.String | The physical name of the Cluster. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The API Server endpoint URL. | | clusterSecurityGroupId | java.lang.String | The cluster security group that was created by Amazon EKS for the cluster. | | kubectlEnvironment | java.util.Map | Environment variables to use when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | kubectlPrivateSubnetIds | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRoleArn | java.lang.String | An IAM role with cluster administrator and "system:masters" permissions. | | kubectlSecurityGroupId | java.lang.String | A security group to use for \`kubectl\` execution. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | securityGroupIds | java.util.List | Additional security groups associated with this cluster. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The physical name of the Cluster. --- ##### \`clusterCertificateAuthorityData\`Optional \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Optional \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Optional \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`clusterSecurityGroupId\`Optional \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectlPrivateSubnetIds\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnetIds(); \`\`\` - *Type:* java.util.List - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectlRoleArn\`Optional \`\`\`java public java.lang.String getKubectlRoleArn(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`kubectlSecurityGroupId\`Optional \`\`\`java public java.lang.String getKubectlSecurityGroupId(); \`\`\` - *Type:* java.lang.String - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`openIdConnectProvider\`Optional \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`securityGroupIds\`Optional \`\`\`java public java.util.List getSecurityGroupIds(); \`\`\` - *Type:* java.util.List - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ClusterOptions; ClusterOptions.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`java public java.util.Map getClusterHandlerEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`java public CoreDnsComputeType getCoreDnsComputeType(); \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`java public EndpointAccess getEndpointAccess(); \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`java public IRole getMastersRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`java public java.lang.Boolean getOutputMastersRoleArn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`java public java.lang.Boolean getPlaceClusterHandlerInVpc(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`java public IKey getSecretsEncryptionKey(); \`\`\` - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ClusterProps; ClusterProps.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultCapacity(java.lang.Number) // .defaultCapacityInstance(InstanceType) // .defaultCapacityType(DefaultCapacityType) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultCapacity | java.lang.Number | Number of instances to allocate as an initial capacity for this cluster. | | defaultCapacityInstance | software.amazon.awscdk.services.ec2.InstanceType | The instance type to use for the default capacity. | | defaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`java public java.util.Map getClusterHandlerEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`java public CoreDnsComputeType getCoreDnsComputeType(); \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`java public EndpointAccess getEndpointAccess(); \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`java public IRole getMastersRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`java public java.lang.Boolean getOutputMastersRoleArn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`java public java.lang.Boolean getPlaceClusterHandlerInVpc(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`java public IKey getSecretsEncryptionKey(); \`\`\` - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultCapacity\`Optional \`\`\`java public java.lang.Number getDefaultCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`defaultCapacityInstance\`Optional \`\`\`java public InstanceType getDefaultCapacityInstance(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`defaultCapacityType\`Optional \`\`\`java public DefaultCapacityType getDefaultCapacityType(); \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CommonClusterOptions; CommonClusterOptions.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.EksOptimizedImageProps; EksOptimizedImageProps.builder() // .cpuArch(CpuArch) // .kubernetesVersion(java.lang.String) // .nodeType(NodeType) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | kubernetesVersion | java.lang.String | The Kubernetes version to use. | | nodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`cpuArch\`Optional \`\`\`java public CpuArch getCpuArch(); \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`kubernetesVersion\`Optional \`\`\`java public java.lang.String getKubernetesVersion(); \`\`\` - *Type:* java.lang.String - *Default:* The latest version The Kubernetes version to use. --- ##### \`nodeType\`Optional \`\`\`java public NodeType getNodeType(); \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.EncryptionConfigProperty; EncryptionConfigProperty.builder() // .provider(ProviderProperty) // .provider(IResolvable) // .resources(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | provider | ProviderProperty OR software.amazon.awscdk.IResolvable | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | resources | java.util.List | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`provider\`Optional \`\`\`java public java.lang.Object getProvider(); \`\`\` - *Type:* ProviderProperty OR software.amazon.awscdk.IResolvable \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`resources\`Optional \`\`\`java public java.util.List getResources(); \`\`\` - *Type:* java.util.List \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.FargateClusterProps; FargateClusterProps.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultProfile(FargateProfileOptions) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`java public java.util.Map getClusterHandlerEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`java public CoreDnsComputeType getCoreDnsComputeType(); \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`java public EndpointAccess getEndpointAccess(); \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`java public IRole getMastersRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`java public java.lang.Boolean getOutputMastersRoleArn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`java public java.lang.Boolean getPlaceClusterHandlerInVpc(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`java public IKey getSecretsEncryptionKey(); \`\`\` - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultProfile\`Optional \`\`\`java public FargateProfileOptions getDefaultProfile(); \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.FargateProfileOptions; FargateProfileOptions.builder() .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .podExecutionRole(IRole) // .subnetSelection(SubnetSelection) // .vpc(IVpc) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | java.util.List<Selector> | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | software.amazon.awscdk.services.ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`selectors\`Required \`\`\`java public java.util.List getSelectors(); \`\`\` - *Type:* java.util.List<Selector> The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional \`\`\`java public IRole getPodExecutionRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional \`\`\`java public SubnetSelection getSubnetSelection(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.FargateProfileProps; FargateProfileProps.builder() .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .podExecutionRole(IRole) // .subnetSelection(SubnetSelection) // .vpc(IVpc) .cluster(Cluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | java.util.List<Selector> | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | software.amazon.awscdk.services.ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`selectors\`Required \`\`\`java public java.util.List getSelectors(); \`\`\` - *Type:* java.util.List<Selector> The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional \`\`\`java public IRole getPodExecutionRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional \`\`\`java public SubnetSelection getSubnetSelection(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`cluster\`Required \`\`\`java public Cluster getCluster(); \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.HelmChartOptions; HelmChartOptions.builder() .chart(java.lang.String) // .createNamespace(java.lang.Boolean) // .namespace(java.lang.String) // .release(java.lang.String) // .repository(java.lang.String) // .timeout(Duration) // .values(java.util.Map) // .version(java.lang.String) // .wait(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | java.lang.String | The name of the chart. | | createNamespace | java.lang.Boolean | create namespace if not exist. | | namespace | java.lang.String | The Kubernetes namespace scope of the requests. | | release | java.lang.String | The name of the release. | | repository | java.lang.String | The repository which contains the chart. | | timeout | software.amazon.awscdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | java.util.Map | The values to be used by the chart. | | version | java.lang.String | The chart version to install. | | wait | java.lang.Boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`chart\`Required \`\`\`java public java.lang.String getChart(); \`\`\` - *Type:* java.lang.String The name of the chart. --- ##### \`createNamespace\`Optional \`\`\`java public java.lang.Boolean getCreateNamespace(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`java public java.lang.String getRelease(); \`\`\` - *Type:* java.lang.String - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`java public java.lang.String getRepository(); \`\`\` - *Type:* java.lang.String - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`java public java.util.Map getValues(); \`\`\` - *Type:* java.util.Map - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`java public java.lang.Boolean getWait(); \`\`\` - *Type:* java.lang.Boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.HelmChartProps; HelmChartProps.builder() .chart(java.lang.String) // .createNamespace(java.lang.Boolean) // .namespace(java.lang.String) // .release(java.lang.String) // .repository(java.lang.String) // .timeout(Duration) // .values(java.util.Map) // .version(java.lang.String) // .wait(java.lang.Boolean) .cluster(ICluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | java.lang.String | The name of the chart. | | createNamespace | java.lang.Boolean | create namespace if not exist. | | namespace | java.lang.String | The Kubernetes namespace scope of the requests. | | release | java.lang.String | The name of the release. | | repository | java.lang.String | The repository which contains the chart. | | timeout | software.amazon.awscdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | java.util.Map | The values to be used by the chart. | | version | java.lang.String | The chart version to install. | | wait | java.lang.Boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`chart\`Required \`\`\`java public java.lang.String getChart(); \`\`\` - *Type:* java.lang.String The name of the chart. --- ##### \`createNamespace\`Optional \`\`\`java public java.lang.Boolean getCreateNamespace(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`java public java.lang.String getRelease(); \`\`\` - *Type:* java.lang.String - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`java public java.lang.String getRepository(); \`\`\` - *Type:* java.lang.String - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`java public java.util.Map getValues(); \`\`\` - *Type:* java.util.Map - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`java public java.lang.Boolean getWait(); \`\`\` - *Type:* java.lang.Boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifestOptions; KubernetesManifestOptions.builder() // .prune(java.lang.Boolean) // .skipValidation(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | java.lang.Boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | java.lang.Boolean | A flag to signify if the manifest validation should be skipped. | --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional \`\`\`java public java.lang.Boolean getSkipValidation(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifestProps; KubernetesManifestProps.builder() // .prune(java.lang.Boolean) // .skipValidation(java.lang.Boolean) .cluster(ICluster) .manifest(java.util.List>) // .overwrite(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | java.lang.Boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | java.lang.Boolean | A flag to signify if the manifest validation should be skipped. | | cluster | ICluster | The EKS cluster to apply this manifest to. | | manifest | java.util.List> | The manifest to apply. | | overwrite | java.lang.Boolean | Overwrite any existing resources. | --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional \`\`\`java public java.lang.Boolean getSkipValidation(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`manifest\`Required \`\`\`java public java.util.List> getManifest(); \`\`\` - *Type:* java.util.List> The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`java List.of(Map.of( "apiVersion", "v1", "kind", "Pod", "metadata", Map.of("name", "mypod"), "spec", Map.of( "containers", List.of(Map.of("name", "hello", "image", "paulbouwer/hello-kubernetes:1.5", "ports", List.of(Map.of("containerPort", 8080))))))); \`\`\` ##### \`overwrite\`Optional \`\`\`java public java.lang.Boolean getOverwrite(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.KubernetesNetworkConfigProperty; KubernetesNetworkConfigProperty.builder() // .serviceIpv4Cidr(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | serviceIpv4Cidr | java.lang.String | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`serviceIpv4Cidr\`Optional \`\`\`java public java.lang.String getServiceIpv4Cidr(); \`\`\` - *Type:* java.lang.String \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesObjectValueProps; KubernetesObjectValueProps.builder() .cluster(ICluster) .jsonPath(java.lang.String) .objectName(java.lang.String) .objectType(java.lang.String) // .objectNamespace(java.lang.String) // .timeout(Duration) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | ICluster | The EKS cluster to fetch attributes from. | | jsonPath | java.lang.String | JSONPath to the specific value. | | objectName | java.lang.String | The name of the object to query. | | objectType | java.lang.String | The object type to query. | | objectNamespace | java.lang.String | The namespace the object belongs to. | | timeout | software.amazon.awscdk.Duration | Timeout for waiting on a value. | --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`jsonPath\`Required \`\`\`java public java.lang.String getJsonPath(); \`\`\` - *Type:* java.lang.String JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`objectName\`Required \`\`\`java public java.lang.String getObjectName(); \`\`\` - *Type:* java.lang.String The name of the object to query. --- ##### \`objectType\`Required \`\`\`java public java.lang.String getObjectType(); \`\`\` - *Type:* java.lang.String The object type to query. (e.g 'service', 'pod'...) --- ##### \`objectNamespace\`Optional \`\`\`java public java.lang.String getObjectNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* 'default' The namespace the object belongs to. --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesPatchProps; KubernetesPatchProps.builder() .applyPatch(java.util.Map) .cluster(ICluster) .resourceName(java.lang.String) .restorePatch(java.util.Map) // .patchType(PatchType) // .resourceNamespace(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | applyPatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | cluster | ICluster | The cluster to apply the patch to. | | resourceName | java.lang.String | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | restorePatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | patchType | PatchType | The patch type to pass to \`kubectl patch\`. | | resourceNamespace | java.lang.String | The kubernetes API namespace. | --- ##### \`applyPatch\`Required \`\`\`java public java.util.Map getApplyPatch(); \`\`\` - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`resourceName\`Required \`\`\`java public java.lang.String getResourceName(); \`\`\` - *Type:* java.lang.String The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`restorePatch\`Required \`\`\`java public java.util.Map getRestorePatch(); \`\`\` - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`patchType\`Optional \`\`\`java public PatchType getPatchType(); \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`resourceNamespace\`Optional \`\`\`java public java.lang.String getResourceNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile.LabelProperty; LabelProperty.builder() .key(java.lang.String) .value(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | key | java.lang.String | \`CfnFargateProfile.LabelProperty.Key\`. | | value | java.lang.String | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`key\`Required \`\`\`java public java.lang.String getKey(); \`\`\` - *Type:* java.lang.String \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`value\`Required \`\`\`java public java.lang.String getValue(); \`\`\` - *Type:* java.lang.String \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.LaunchTemplateSpec; LaunchTemplateSpec.builder() .id(java.lang.String) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | java.lang.String | The Launch template ID. | | version | java.lang.String | The launch template version to be used (optional). | --- ##### \`id\`Required \`\`\`java public java.lang.String getId(); \`\`\` - *Type:* java.lang.String The Launch template ID. --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.LaunchTemplateSpecificationProperty; LaunchTemplateSpecificationProperty.builder() // .id(java.lang.String) // .name(java.lang.String) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | java.lang.String | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | name | java.lang.String | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | version | java.lang.String | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`id\`Optional \`\`\`java public java.lang.String getId(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.NodegroupOptions; NodegroupOptions.builder() // .amiType(NodegroupAmiType) // .capacityType(CapacityType) // .desiredSize(java.lang.Number) // .diskSize(java.lang.Number) // .forceUpdate(java.lang.Boolean) // .instanceTypes(java.util.List) // .labels(java.util.Map) // .launchTemplateSpec(LaunchTemplateSpec) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) // .nodegroupName(java.lang.String) // .nodeRole(IRole) // .releaseVersion(java.lang.String) // .remoteAccess(NodegroupRemoteAccess) // .subnets(SubnetSelection) // .tags(java.util.Map) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | java.lang.Number | The current number of worker nodes that the managed node group should maintain. | | diskSize | java.lang.Number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | java.lang.Boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceTypes | java.util.List | The instance types to use for your node group. | | labels | java.util.Map | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | java.lang.Number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | java.lang.Number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | java.lang.String | Name of the Nodegroup. | | nodeRole | software.amazon.awscdk.services.iam.IRole | The IAM role to associate with your node group. | | releaseVersion | java.lang.String | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | software.amazon.awscdk.services.ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | java.util.Map | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`amiType\`Optional \`\`\`java public NodegroupAmiType getAmiType(); \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional \`\`\`java public CapacityType getCapacityType(); \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional \`\`\`java public java.lang.Number getDesiredSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional \`\`\`java public java.lang.Boolean getForceUpdate(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`java public java.util.Map getLabels(); \`\`\` - *Type:* java.util.Map - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional \`\`\`java public LaunchTemplateSpec getLaunchTemplateSpec(); \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional \`\`\`java public java.lang.Number getMaxSize(); \`\`\` - *Type:* java.lang.Number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional \`\`\`java public java.lang.Number getMinSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional \`\`\`java public IRole getNodeRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional \`\`\`java public NodegroupRemoteAccess getRemoteAccess(); \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`java public SubnetSelection getSubnets(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`java public java.util.Map getTags(); \`\`\` - *Type:* java.util.Map - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.NodegroupProps; NodegroupProps.builder() // .amiType(NodegroupAmiType) // .capacityType(CapacityType) // .desiredSize(java.lang.Number) // .diskSize(java.lang.Number) // .forceUpdate(java.lang.Boolean) // .instanceTypes(java.util.List) // .labels(java.util.Map) // .launchTemplateSpec(LaunchTemplateSpec) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) // .nodegroupName(java.lang.String) // .nodeRole(IRole) // .releaseVersion(java.lang.String) // .remoteAccess(NodegroupRemoteAccess) // .subnets(SubnetSelection) // .tags(java.util.Map) .cluster(ICluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | java.lang.Number | The current number of worker nodes that the managed node group should maintain. | | diskSize | java.lang.Number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | java.lang.Boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceTypes | java.util.List | The instance types to use for your node group. | | labels | java.util.Map | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | java.lang.Number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | java.lang.Number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | java.lang.String | Name of the Nodegroup. | | nodeRole | software.amazon.awscdk.services.iam.IRole | The IAM role to associate with your node group. | | releaseVersion | java.lang.String | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | software.amazon.awscdk.services.ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | java.util.Map | The metadata to apply to the node group to assist with categorization and organization. | | cluster | ICluster | Cluster resource. | --- ##### \`amiType\`Optional \`\`\`java public NodegroupAmiType getAmiType(); \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional \`\`\`java public CapacityType getCapacityType(); \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional \`\`\`java public java.lang.Number getDesiredSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional \`\`\`java public java.lang.Boolean getForceUpdate(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`java public java.util.Map getLabels(); \`\`\` - *Type:* java.util.Map - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional \`\`\`java public LaunchTemplateSpec getLaunchTemplateSpec(); \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional \`\`\`java public java.lang.Number getMaxSize(); \`\`\` - *Type:* java.lang.Number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional \`\`\`java public java.lang.Number getMinSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional \`\`\`java public IRole getNodeRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional \`\`\`java public NodegroupRemoteAccess getRemoteAccess(); \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`java public SubnetSelection getSubnets(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`java public java.util.Map getTags(); \`\`\` - *Type:* java.util.Map - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.NodegroupRemoteAccess; NodegroupRemoteAccess.builder() .sshKeyName(java.lang.String) // .sourceSecurityGroups(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | sshKeyName | java.lang.String | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | sourceSecurityGroups | java.util.List | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`sshKeyName\`Required \`\`\`java public java.lang.String getSshKeyName(); \`\`\` - *Type:* java.lang.String The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`sourceSecurityGroups\`Optional \`\`\`java public java.util.List getSourceSecurityGroups(); \`\`\` - *Type:* java.util.List - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProviderProps; OpenIdConnectProviderProps.builder() .url(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | url | java.lang.String | The URL of the identity provider. | --- ##### \`url\`Required \`\`\`java public java.lang.String getUrl(); \`\`\` - *Type:* java.lang.String The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.ProviderProperty; ProviderProperty.builder() // .keyArn(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | keyArn | java.lang.String | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`keyArn\`Optional \`\`\`java public java.lang.String getKeyArn(); \`\`\` - *Type:* java.lang.String \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.RemoteAccessProperty; RemoteAccessProperty.builder() .ec2SshKey(java.lang.String) // .sourceSecurityGroups(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ec2SshKey | java.lang.String | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | sourceSecurityGroups | java.util.List | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`ec2SshKey\`Required \`\`\`java public java.lang.String getEc2SshKey(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`sourceSecurityGroups\`Optional \`\`\`java public java.util.List getSourceSecurityGroups(); \`\`\` - *Type:* java.util.List \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.ResourcesVpcConfigProperty; ResourcesVpcConfigProperty.builder() .subnetIds(java.util.List) // .securityGroupIds(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | subnetIds | java.util.List | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | securityGroupIds | java.util.List | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`subnetIds\`Required \`\`\`java public java.util.List getSubnetIds(); \`\`\` - *Type:* java.util.List \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`securityGroupIds\`Optional \`\`\`java public java.util.List getSecurityGroupIds(); \`\`\` - *Type:* java.util.List \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.ScalingConfigProperty; ScalingConfigProperty.builder() // .desiredSize(java.lang.Number) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | desiredSize | java.lang.Number | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | maxSize | java.lang.Number | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | minSize | java.lang.Number | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`desiredSize\`Optional \`\`\`java public java.lang.Number getDesiredSize(); \`\`\` - *Type:* java.lang.Number \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`maxSize\`Optional \`\`\`java public java.lang.Number getMaxSize(); \`\`\` - *Type:* java.lang.Number \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`minSize\`Optional \`\`\`java public java.lang.Number getMinSize(); \`\`\` - *Type:* java.lang.Number \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.Selector; Selector.builder() .namespace(java.lang.String) // .labels(java.util.Map) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | java.lang.String | The Kubernetes namespace that the selector should match. | | labels | java.util.Map | The Kubernetes labels that the selector should match. | --- ##### \`namespace\`Required \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`labels\`Optional \`\`\`java public java.util.Map getLabels(); \`\`\` - *Type:* java.util.Map - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile.SelectorProperty; SelectorProperty.builder() .namespace(java.lang.String) // .labels(IResolvable) // .labels(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | java.lang.String | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | labels | software.amazon.awscdk.IResolvable OR java.util.List<LabelProperty OR software.amazon.awscdk.IResolvable> | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`namespace\`Required \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`labels\`Optional \`\`\`java public java.lang.Object getLabels(); \`\`\` - *Type:* software.amazon.awscdk.IResolvable OR java.util.List<LabelProperty OR software.amazon.awscdk.IResolvable> \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccountOptions; ServiceAccountOptions.builder() // .name(java.lang.String) // .namespace(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | java.lang.String | The name of the service account. | | namespace | java.lang.String | The namespace of the service account. | --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccountProps; ServiceAccountProps.builder() // .name(java.lang.String) // .namespace(java.lang.String) .cluster(ICluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | java.lang.String | The name of the service account. | | namespace | java.lang.String | The namespace of the service account. | | cluster | ICluster | The cluster to apply the patch to. | --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* "default" The namespace of the service account. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ServiceLoadBalancerAddressOptions; ServiceLoadBalancerAddressOptions.builder() // .namespace(java.lang.String) // .timeout(Duration) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | java.lang.String | The namespace the service belongs to. | | timeout | software.amazon.awscdk.Duration | Timeout for waiting on the load balancer address. | --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* 'default' The namespace the service belongs to. --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.TaintProperty; TaintProperty.builder() // .effect(java.lang.String) // .key(java.lang.String) // .value(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | effect | java.lang.String | \`CfnNodegroup.TaintProperty.Effect\`. | | key | java.lang.String | \`CfnNodegroup.TaintProperty.Key\`. | | value | java.lang.String | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`effect\`Optional \`\`\`java public java.lang.String getEffect(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`key\`Optional \`\`\`java public java.lang.String getKey(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`value\`Optional \`\`\`java public java.lang.String getValue(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* software.amazon.awscdk.services.ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.EksOptimizedImage; EksOptimizedImage.Builder.create() // .cpuArch(CpuArch) // .kubernetesVersion(java.lang.String) // .nodeType(NodeType) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | cpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | kubernetesVersion | java.lang.String | The Kubernetes version to use. | | nodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`cpuArch\`Optional - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`kubernetesVersion\`Optional - *Type:* java.lang.String - *Default:* The latest version The Kubernetes version to use. --- ##### \`nodeType\`Optional - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- #### Methods | **Name** | **Description** | | --- | --- | | getImage | Return the correct image. | --- ##### \`getImage\` \`\`\`java public MachineImageConfig getImage(Construct scope) \`\`\` Return the correct image. ###### \`scope\`Required - *Type:* software.constructs.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | onlyFrom | Restrict public access to specific CIDR blocks. | --- ##### \`onlyFrom\` \`\`\`java public EndpointAccess onlyFrom(java.lang.String cidr) \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`cidr\`Required - *Type:* java.lang.String CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | PRIVATE | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | PUBLIC | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PUBLIC_AND_PRIVATE | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`PRIVATE\`Required \`\`\`java public EndpointAccess getPrivate(); \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`PUBLIC\`Required \`\`\`java public EndpointAccess getPublic(); \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PUBLIC_AND_PRIVATE\`Required \`\`\`java public EndpointAccess getPublicAndPrivate(); \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | of | Custom cluster version. | --- ##### \`of\` \`\`\`java import software.amazon.awscdk.services.eks.KubernetesVersion; KubernetesVersion.of(java.lang.String version) \`\`\` Custom cluster version. ###### \`version\`Required - *Type:* java.lang.String custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | java.lang.String | cluster version number. | --- ##### \`version\`Required \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V1_14 | KubernetesVersion | Kubernetes version 1.14. | | V1_15 | KubernetesVersion | Kubernetes version 1.15. | | V1_16 | KubernetesVersion | Kubernetes version 1.16. | | V1_17 | KubernetesVersion | Kubernetes version 1.17. | | V1_18 | KubernetesVersion | Kubernetes version 1.18. | | V1_19 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V1_14\`Required \`\`\`java public KubernetesVersion getV114(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V1_15\`Required \`\`\`java public KubernetesVersion getV115(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V1_16\`Required \`\`\`java public KubernetesVersion getV116(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V1_17\`Required \`\`\`java public KubernetesVersion getV117(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V1_18\`Required \`\`\`java public KubernetesVersion getV118(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V1_19\`Required \`\`\`java public KubernetesVersion getV119(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* software.amazon.awscdk.IResource, software.amazon.awscdk.services.ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`addCdk8sChart\` \`\`\`java public KubernetesManifest addCdk8sChart(java.lang.String id, Construct chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`chart\`Required - *Type:* software.constructs.Construct the cdk8s chart. --- ##### \`addHelmChart\` \`\`\`java public HelmChart addHelmChart(java.lang.String id, HelmChartOptions options) \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`java public KubernetesManifest addManifest(java.lang.String id, java.util.Map manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* java.lang.String logical id of this manifest. --- ###### \`manifest\`Required - *Type:* java.util.Map a list of Kubernetes resource specifications. --- ##### \`addServiceAccount\` \`\`\`java public ServiceAccount addServiceAccount(java.lang.String id) public ServiceAccount addServiceAccount(java.lang.String id, ServiceAccountOptions options) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* java.lang.String logical id of service account. --- ###### \`options\`Optional - *Type:* ServiceAccountOptions service account options. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | env | software.amazon.awscdk.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.Stack | The stack in which this resource is defined. | | connections | software.amazon.awscdk.services.ec2.Connections | *No description.* | | clusterArn | java.lang.String | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The API Server endpoint URL. | | clusterName | java.lang.String | The physical name of the Cluster. | | clusterSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | java.lang.String | The id of the cluster security group that was created by Amazon EKS for the cluster. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources can be automatically pruned. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | | kubectlEnvironment | java.util.Map | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | kubectlMemory | software.amazon.awscdk.Size | Amount of memory to allocate to the provider's lambda function. | | kubectlPrivateSubnets | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | software.amazon.awscdk.services.iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this resource is defined. --- ##### \`connections\`Required \`\`\`java public Connections getConnections(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.Connections --- ##### \`clusterArn\`Required \`\`\`java public java.lang.String getClusterArn(); \`\`\` - *Type:* java.lang.String The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`clusterCertificateAuthorityData\`Required \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String The API Server endpoint URL. --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The physical name of the Cluster. --- ##### \`clusterSecurityGroup\`Required \`\`\`java public ISecurityGroup getClusterSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`prune\`Required \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`vpc\`Required \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc The VPC in which this Cluster was created. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnets(); \`\`\` - *Type:* java.util.List Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectlRole\`Optional \`\`\`java public IRole getKubectlRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`java public ISecurityGroup getKubectlSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* software.amazon.awscdk.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.constructs.Node | The tree node. | | env | software.amazon.awscdk.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.Stack | The stack in which this resource is defined. | | nodegroupName | java.lang.String | Name of the nodegroup. | --- ##### \`node\`Required \`\`\`java public Node getNode(); \`\`\` - *Type:* software.constructs.Node The tree node. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.Stack The stack in which this resource is defined. --- ##### \`nodegroupName\`Required \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | SPOT | spot instances. | | ON_DEMAND | on-demand instances. | --- ##### \`SPOT\` spot instances. --- ##### \`ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | EC2 | Deploy CoreDNS on EC2 instances. | | FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | ARM_64 | arm64 CPU type. | | X86_64 | x86_64 CPU type. | --- ##### \`ARM_64\` arm64 CPU type. --- ##### \`X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | NODEGROUP | managed node group. | | EC2 | EC2 autoscaling group. | --- ##### \`NODEGROUP\` managed node group. --- ##### \`EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | AL2_X86_64 | Amazon Linux 2 (x86-64). | | AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | STANDARD | Standard instances. | | GPU | GPU instances. | | INFERENTIA | Inferentia instances. | --- ##### \`STANDARD\` Standard instances. --- ##### \`GPU\` GPU instances. --- ##### \`INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | JSON | JSON Patch, RFC 6902. | | MERGE | JSON Merge patch. | | STRATEGIC | Strategic merge patch. | --- ##### \`JSON\` JSON Patch, RFC 6902. --- ##### \`MERGE\` JSON Merge patch. --- ##### \`STRATEGIC\` Strategic merge patch. --- " `; exports[`java snapshot - submodules 2 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.AwsAuth; AwsAuth.Builder.create(Construct scope, java.lang.String id) .cluster(Cluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`cluster\`Required - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | addAccount | Additional AWS account to add to the aws-auth configmap. | | addMastersRole | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | addRoleMapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | addUserMapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`addAccount\` \`\`\`java public void addAccount(java.lang.String accountId) \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`accountId\`Required - *Type:* java.lang.String account number. --- ##### \`addMastersRole\` \`\`\`java public void addMastersRole(IRole role) public void addMastersRole(IRole role, java.lang.String username) \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`role\`Required - *Type:* software.amazon.awscdk.services.iam.IRole The IAM role to add. --- ###### \`username\`Optional - *Type:* java.lang.String Optional user (defaults to the role ARN). --- ##### \`addRoleMapping\` \`\`\`java public void addRoleMapping(IRole role, AwsAuthMapping mapping) \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`role\`Required - *Type:* software.amazon.awscdk.services.iam.IRole The IAM role to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- ##### \`addUserMapping\` \`\`\`java public void addUserMapping(IUser user, AwsAuthMapping mapping) \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`user\`Required - *Type:* software.amazon.awscdk.services.iam.IUser The IAM user to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.AwsAuth; AwsAuth.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ### CfnAddon - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.Builder.create(Construct scope, java.lang.String id) .addonName(java.lang.String) .clusterName(java.lang.String) // .addonVersion(java.lang.String) // .resolveConflicts(java.lang.String) // .serviceAccountRoleArn(java.lang.String) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | addonName | java.lang.String | \`AWS::EKS::Addon.AddonName\`. | | clusterName | java.lang.String | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | java.lang.String | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | java.lang.String | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | java.lang.String | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | tags | java.util.List | \`AWS::EKS::Addon.Tags\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`addonName\`Required - *Type:* java.lang.String \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required - *Type:* java.lang.String \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional - *Type:* java.lang.String \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional - *Type:* java.lang.String \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional - *Type:* java.lang.String \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnAddon; CfnAddon.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | tags | software.amazon.awscdk.core.TagManager | \`AWS::EKS::Addon.Tags\`. | | addonName | java.lang.String | \`AWS::EKS::Addon.AddonName\`. | | clusterName | java.lang.String | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | java.lang.String | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | java.lang.String | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | java.lang.String | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`addonName\`Required \`\`\`java public java.lang.String getAddonName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional \`\`\`java public java.lang.String getAddonVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional \`\`\`java public java.lang.String getResolveConflicts(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional \`\`\`java public java.lang.String getServiceAccountRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.Builder.create(Construct scope, java.lang.String id) .resourcesVpcConfig(ResourcesVpcConfigProperty) .resourcesVpcConfig(IResolvable) .roleArn(java.lang.String) // .encryptionConfig(IResolvable) // .encryptionConfig(java.util.List) // .kubernetesNetworkConfig(KubernetesNetworkConfigProperty) // .kubernetesNetworkConfig(IResolvable) // .name(java.lang.String) // .version(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | resourcesVpcConfig | ResourcesVpcConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | java.lang.String | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | software.amazon.awscdk.core.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | java.lang.String | \`AWS::EKS::Cluster.Name\`. | | version | java.lang.String | \`AWS::EKS::Cluster.Version\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`resourcesVpcConfig\`Required - *Type:* ResourcesVpcConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required - *Type:* java.lang.String \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional - *Type:* KubernetesNetworkConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional - *Type:* java.lang.String \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional - *Type:* java.lang.String \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster; CfnCluster.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | attrCertificateAuthorityData | java.lang.String | *No description.* | | attrClusterSecurityGroupId | java.lang.String | *No description.* | | attrEncryptionConfigKeyArn | java.lang.String | *No description.* | | attrEndpoint | java.lang.String | *No description.* | | attrOpenIdConnectIssuerUrl | java.lang.String | *No description.* | | resourcesVpcConfig | ResourcesVpcConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | java.lang.String | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | software.amazon.awscdk.core.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | java.lang.String | \`AWS::EKS::Cluster.Name\`. | | version | java.lang.String | \`AWS::EKS::Cluster.Version\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrCertificateAuthorityData\`Required \`\`\`java public java.lang.String getAttrCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String --- ##### \`attrClusterSecurityGroupId\`Required \`\`\`java public java.lang.String getAttrClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String --- ##### \`attrEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getAttrEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrEndpoint\`Required \`\`\`java public java.lang.String getAttrEndpoint(); \`\`\` - *Type:* java.lang.String --- ##### \`attrOpenIdConnectIssuerUrl\`Required \`\`\`java public java.lang.String getAttrOpenIdConnectIssuerUrl(); \`\`\` - *Type:* java.lang.String --- ##### \`resourcesVpcConfig\`Required \`\`\`java public java.lang.Object getResourcesVpcConfig(); \`\`\` - *Type:* ResourcesVpcConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required \`\`\`java public java.lang.String getRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional \`\`\`java public java.lang.Object getEncryptionConfig(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional \`\`\`java public java.lang.Object getKubernetesNetworkConfig(); \`\`\` - *Type:* KubernetesNetworkConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.Builder.create(Construct scope, java.lang.String id) .clusterName(java.lang.String) .podExecutionRoleArn(java.lang.String) .selectors(IResolvable) .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .subnets(java.util.List) // .tags(java.util.List) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | clusterName | java.lang.String | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | java.lang.String | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | software.amazon.awscdk.core.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | java.lang.String | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | java.util.List | \`AWS::EKS::FargateProfile.Subnets\`. | | tags | java.util.List | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`clusterName\`Required - *Type:* java.lang.String \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required - *Type:* java.lang.String \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional - *Type:* java.lang.String \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional - *Type:* java.util.List \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`tags\`Optional - *Type:* java.util.List \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile; CfnFargateProfile.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | tags | software.amazon.awscdk.core.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | clusterName | java.lang.String | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | java.lang.String | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | software.amazon.awscdk.core.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | java.lang.String | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | java.util.List | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required \`\`\`java public java.lang.String getPodExecutionRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`java public java.lang.Object getSelectors(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* software.amazon.awscdk.core.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.Builder.create(Construct scope, java.lang.String id) .clusterName(java.lang.String) .nodeRole(java.lang.String) .subnets(java.util.List) // .amiType(java.lang.String) // .capacityType(java.lang.String) // .diskSize(java.lang.Number) // .forceUpdateEnabled(java.lang.Boolean) // .forceUpdateEnabled(IResolvable) // .instanceTypes(java.util.List) // .labels(java.lang.Object) // .launchTemplate(LaunchTemplateSpecificationProperty) // .launchTemplate(IResolvable) // .nodegroupName(java.lang.String) // .releaseVersion(java.lang.String) // .remoteAccess(RemoteAccessProperty) // .remoteAccess(IResolvable) // .scalingConfig(ScalingConfigProperty) // .scalingConfig(IResolvable) // .tags(java.lang.Object) // .taints(IResolvable) // .taints(java.util.List) // .version(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.amazon.awscdk.core.Construct | - scope in which this resource is defined. | | id | java.lang.String | - scoped id of the resource. | | clusterName | java.lang.String | \`AWS::EKS::Nodegroup.ClusterName\`. | | nodeRole | java.lang.String | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | java.util.List | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | java.lang.String | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | java.lang.String | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | java.lang.Number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | java.lang.Boolean OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | java.util.List | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | labels | java.lang.Object | \`AWS::EKS::Nodegroup.Labels\`. | | launchTemplate | LaunchTemplateSpecificationProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | java.lang.String | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | java.lang.String | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | tags | java.lang.Object | \`AWS::EKS::Nodegroup.Tags\`. | | taints | software.amazon.awscdk.core.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::Nodegroup.Taints\`. | | version | java.lang.String | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* java.lang.String scoped id of the resource. --- ##### \`clusterName\`Required - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`nodeRole\`Required - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required - *Type:* java.util.List \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional - *Type:* java.lang.Number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional - *Type:* java.lang.Boolean OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional - *Type:* java.util.List \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`launchTemplate\`Optional - *Type:* LaunchTemplateSpecificationProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional - *Type:* RemoteAccessProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional - *Type:* ScalingConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`tags\`Optional - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`taints\`Optional - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional - *Type:* java.lang.String \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`java public void overrideLogicalId(java.lang.String newLogicalId) \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* java.lang.String The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`java public void addDeletionOverride(java.lang.String path) \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* java.lang.String The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`java public void addDependsOn(CfnResource target) \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* software.amazon.awscdk.core.CfnResource --- ##### \`addMetadata\` \`\`\`java public void addMetadata(java.lang.String key, java.lang.Object value) \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ###### \`value\`Required - *Type:* java.lang.Object --- ##### \`addOverride\` \`\`\`java public void addOverride(java.lang.String path, java.lang.Object value) \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`java // Example automatically generated from non-compiling source. May contain errors. cfnResource.addOverride("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", List.of("myattribute")); cfnResource.addOverride("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE"); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* java.lang.String The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* java.lang.Object The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`java public void addPropertyDeletionOverride(java.lang.String propertyPath) \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* java.lang.String The path to the property. --- ##### \`addPropertyOverride\` \`\`\`java public void addPropertyOverride(java.lang.String propertyPath, java.lang.Object value) \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* java.lang.String The path of the property. --- ###### \`value\`Required - *Type:* java.lang.Object The value. --- ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy() public void applyRemovalPolicy(RemovalPolicy policy) public void applyRemovalPolicy(RemovalPolicy policy, RemovalPolicyOptions options) \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ###### \`options\`Optional - *Type:* software.amazon.awscdk.core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`java public Reference getAtt(java.lang.String attributeName) \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* java.lang.String The name of the attribute. --- ##### \`getMetadata\` \`\`\`java public java.lang.Object getMetadata(java.lang.String key) \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* java.lang.String --- ##### \`inspect\` \`\`\`java public void inspect(TreeInspector inspector) \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* software.amazon.awscdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnElement\` \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.isCfnElement(java.lang.Object x) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isCfnResource\` \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup; CfnNodegroup.isCfnResource(IConstruct construct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* software.constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | creationStack | java.util.List | *No description.* | | logicalId | java.lang.String | The logical ID for this CloudFormation stack element. | | stack | software.amazon.awscdk.core.Stack | The stack in which this element is defined. | | ref | java.lang.String | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | software.amazon.awscdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | java.lang.String | AWS resource type. | | attrArn | java.lang.String | *No description.* | | attrClusterName | java.lang.String | *No description.* | | attrNodegroupName | java.lang.String | *No description.* | | tags | software.amazon.awscdk.core.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | clusterName | java.lang.String | \`AWS::EKS::Nodegroup.ClusterName\`. | | labels | java.lang.Object | \`AWS::EKS::Nodegroup.Labels\`. | | nodeRole | java.lang.String | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | java.util.List | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | java.lang.String | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | java.lang.String | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | java.lang.Number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | java.lang.Boolean OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | java.util.List | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | launchTemplate | LaunchTemplateSpecificationProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | java.lang.String | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | java.lang.String | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | taints | software.amazon.awscdk.core.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::Nodegroup.Taints\`. | | version | java.lang.String | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`java public java.util.List getCreationStack(); \`\`\` - *Type:* java.util.List --- ##### \`logicalId\`Required \`\`\`java public java.lang.String getLogicalId(); \`\`\` - *Type:* java.lang.String The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`java public java.lang.String getRef(); \`\`\` - *Type:* java.lang.String Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`java public ICfnResourceOptions getCfnOptions(); \`\`\` - *Type:* software.amazon.awscdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`java public java.lang.String getCfnResourceType(); \`\`\` - *Type:* java.lang.String AWS resource type. --- ##### \`attrArn\`Required \`\`\`java public java.lang.String getAttrArn(); \`\`\` - *Type:* java.lang.String --- ##### \`attrClusterName\`Required \`\`\`java public java.lang.String getAttrClusterName(); \`\`\` - *Type:* java.lang.String --- ##### \`attrNodegroupName\`Required \`\`\`java public java.lang.String getAttrNodegroupName(); \`\`\` - *Type:* java.lang.String --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`labels\`Required \`\`\`java public java.lang.Object getLabels(); \`\`\` - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`nodeRole\`Required \`\`\`java public java.lang.String getNodeRole(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional \`\`\`java public java.lang.String getAmiType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional \`\`\`java public java.lang.String getCapacityType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional \`\`\`java public java.lang.Object getForceUpdateEnabled(); \`\`\` - *Type:* java.lang.Boolean OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`launchTemplate\`Optional \`\`\`java public java.lang.Object getLaunchTemplate(); \`\`\` - *Type:* LaunchTemplateSpecificationProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional \`\`\`java public java.lang.Object getRemoteAccess(); \`\`\` - *Type:* RemoteAccessProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional \`\`\`java public java.lang.Object getScalingConfig(); \`\`\` - *Type:* ScalingConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`taints\`Optional \`\`\`java public java.lang.Object getTaints(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | java.lang.String | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`java public java.lang.String getCfnResourceTypeName(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.Builder.create(Construct scope, java.lang.String id) .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultCapacity(java.lang.Number) // .defaultCapacityInstance(InstanceType) // .defaultCapacityType(DefaultCapacityType) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | a Construct, most likely a cdk.Stack created. | | id | java.lang.String | the id of the Construct to create. | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultCapacity | java.lang.Number | Number of instances to allocate as an initial capacity for this cluster. | | defaultCapacityInstance | software.amazon.awscdk.services.ec2.InstanceType | The instance type to use for the default capacity. | | defaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct a Construct, most likely a cdk.Stack created. --- ##### \`id\`Required - *Type:* java.lang.String the id of the Construct to create. --- ##### \`version\`Required - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional - *Type:* software.amazon.awscdk.core.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultCapacity\`Optional - *Type:* java.lang.Number - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`defaultCapacityInstance\`Optional - *Type:* software.amazon.awscdk.services.ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`defaultCapacityType\`Optional - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addFargateProfile | Adds a Fargate profile to this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | connectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | getServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ##### \`addAutoScalingGroupCapacity\` \`\`\`java public AutoScalingGroup addAutoScalingGroupCapacity(java.lang.String id, AutoScalingGroupCapacityOptions options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`addCdk8sChart\` \`\`\`java public KubernetesManifest addCdk8sChart(java.lang.String id, Construct chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`chart\`Required - *Type:* software.constructs.Construct the cdk8s chart. --- ##### \`addFargateProfile\` \`\`\`java public FargateProfile addFargateProfile(java.lang.String id, FargateProfileOptions options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* java.lang.String the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`addHelmChart\` \`\`\`java public HelmChart addHelmChart(java.lang.String id, HelmChartOptions options) \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`java public KubernetesManifest addManifest(java.lang.String id, java.util.Map manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* java.lang.String logical id of this manifest. --- ###### \`manifest\`Required - *Type:* java.util.Map a list of Kubernetes resource specifications. --- ##### \`addNodegroupCapacity\` \`\`\`java public Nodegroup addNodegroupCapacity(java.lang.String id) public Nodegroup addNodegroupCapacity(java.lang.String id, NodegroupOptions options) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* java.lang.String The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`addServiceAccount\` \`\`\`java public ServiceAccount addServiceAccount(java.lang.String id) public ServiceAccount addServiceAccount(java.lang.String id, ServiceAccountOptions options) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`connectAutoScalingGroupCapacity\` \`\`\`java public void connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`getServiceLoadBalancerAddress\` \`\`\`java public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName) public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName, ServiceLoadBalancerAddressOptions options) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* java.lang.String The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | fromClusterAttributes | Import an existing cluster. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- ##### \`fromClusterAttributes\` \`\`\`java import software.amazon.awscdk.services.eks.Cluster; Cluster.fromClusterAttributes(Construct scope, java.lang.String id, ClusterAttributes attrs) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* software.constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* java.lang.String the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | adminRole | software.amazon.awscdk.services.iam.Role | An IAM role with administrative permissions to create or update the cluster. | | awsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | clusterArn | java.lang.String | The AWS generated ARN for the Cluster resource. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The endpoint URL for the Cluster. | | clusterName | java.lang.String | The Name of the created EKS Cluster. | | clusterOpenIdConnectIssuer | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | clusterOpenIdConnectIssuerUrl | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | clusterSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | java.lang.String | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | software.amazon.awscdk.services.ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | java.lang.Boolean | Determines if Kubernetes resources can be pruned automatically. | | role | software.amazon.awscdk.services.iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | | defaultCapacity | software.amazon.awscdk.services.autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | defaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectlEnvironment | java.util.Map | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectlPrivateSubnets | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | software.amazon.awscdk.services.iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`adminRole\`Required \`\`\`java public Role getAdminRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`awsAuth\`Required \`\`\`java public AwsAuth getAwsAuth(); \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`clusterArn\`Required \`\`\`java public java.lang.String getClusterArn(); \`\`\` - *Type:* java.lang.String The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`clusterCertificateAuthorityData\`Required \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The Name of the created EKS Cluster. --- ##### \`clusterOpenIdConnectIssuer\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuer(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterOpenIdConnectIssuerUrl\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuerUrl(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterSecurityGroup\`Required \`\`\`java public ISecurityGroup getClusterSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`java public Connections getConnections(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc The VPC in which this Cluster was created. --- ##### \`defaultCapacity\`Optional \`\`\`java public AutoScalingGroup getDefaultCapacity(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`defaultNodegroup\`Optional \`\`\`java public Nodegroup getDefaultNodegroup(); \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.core.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnets(); \`\`\` - *Type:* java.util.List - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectlRole\`Optional \`\`\`java public IRole getKubectlRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`java public ISecurityGroup getKubectlSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.Builder.create(Construct scope, java.lang.String id) .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultProfile(FargateProfileOptions) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`version\`Required - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional - *Type:* software.amazon.awscdk.core.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultProfile\`Optional - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addFargateProfile | Adds a Fargate profile to this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | connectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | getServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- ##### \`addAutoScalingGroupCapacity\` \`\`\`java public AutoScalingGroup addAutoScalingGroupCapacity(java.lang.String id, AutoScalingGroupCapacityOptions options) \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`addCdk8sChart\` \`\`\`java public KubernetesManifest addCdk8sChart(java.lang.String id, Construct chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`chart\`Required - *Type:* software.constructs.Construct the cdk8s chart. --- ##### \`addFargateProfile\` \`\`\`java public FargateProfile addFargateProfile(java.lang.String id, FargateProfileOptions options) \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* java.lang.String the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`addHelmChart\` \`\`\`java public HelmChart addHelmChart(java.lang.String id, HelmChartOptions options) \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`java public KubernetesManifest addManifest(java.lang.String id, java.util.Map manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* java.lang.String logical id of this manifest. --- ###### \`manifest\`Required - *Type:* java.util.Map a list of Kubernetes resource specifications. --- ##### \`addNodegroupCapacity\` \`\`\`java public Nodegroup addNodegroupCapacity(java.lang.String id) public Nodegroup addNodegroupCapacity(java.lang.String id, NodegroupOptions options) \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* java.lang.String The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`addServiceAccount\` \`\`\`java public ServiceAccount addServiceAccount(java.lang.String id) public ServiceAccount addServiceAccount(java.lang.String id, ServiceAccountOptions options) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* java.lang.String --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`connectAutoScalingGroupCapacity\` \`\`\`java public void connectAutoScalingGroupCapacity(AutoScalingGroup autoScalingGroup, AutoScalingGroupOptions options) \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`getServiceLoadBalancerAddress\` \`\`\`java public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName) public java.lang.String getServiceLoadBalancerAddress(java.lang.String serviceName, ServiceLoadBalancerAddressOptions options) \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* java.lang.String The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | fromClusterAttributes | Import an existing cluster. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- ##### \`fromClusterAttributes\` \`\`\`java import software.amazon.awscdk.services.eks.FargateCluster; FargateCluster.fromClusterAttributes(Construct scope, java.lang.String id, ClusterAttributes attrs) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* software.constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* java.lang.String the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | adminRole | software.amazon.awscdk.services.iam.Role | An IAM role with administrative permissions to create or update the cluster. | | awsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | clusterArn | java.lang.String | The AWS generated ARN for the Cluster resource. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The endpoint URL for the Cluster. | | clusterName | java.lang.String | The Name of the created EKS Cluster. | | clusterOpenIdConnectIssuer | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | clusterOpenIdConnectIssuerUrl | java.lang.String | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | clusterSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | java.lang.String | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | software.amazon.awscdk.services.ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | java.lang.Boolean | Determines if Kubernetes resources can be pruned automatically. | | role | software.amazon.awscdk.services.iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | | defaultCapacity | software.amazon.awscdk.services.autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | defaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectlEnvironment | java.util.Map | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectlPrivateSubnets | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | software.amazon.awscdk.services.iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`adminRole\`Required \`\`\`java public Role getAdminRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`awsAuth\`Required \`\`\`java public AwsAuth getAwsAuth(); \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`clusterArn\`Required \`\`\`java public java.lang.String getClusterArn(); \`\`\` - *Type:* java.lang.String The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666;cluster / prod; \`\`\` ##### \`clusterCertificateAuthorityData\`Required \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The Name of the created EKS Cluster. --- ##### \`clusterOpenIdConnectIssuer\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuer(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterOpenIdConnectIssuerUrl\`Required \`\`\`java public java.lang.String getClusterOpenIdConnectIssuerUrl(); \`\`\` - *Type:* java.lang.String If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterSecurityGroup\`Required \`\`\`java public ISecurityGroup getClusterSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`java public Connections getConnections(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc The VPC in which this Cluster was created. --- ##### \`defaultCapacity\`Optional \`\`\`java public AutoScalingGroup getDefaultCapacity(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`defaultNodegroup\`Optional \`\`\`java public Nodegroup getDefaultNodegroup(); \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.core.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnets(); \`\`\` - *Type:* java.util.List - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectlRole\`Optional \`\`\`java public IRole getKubectlRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`java public ISecurityGroup getKubectlSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* software.amazon.awscdk.core.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.FargateProfile; FargateProfile.Builder.create(Construct scope, java.lang.String id) .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .podExecutionRole(IRole) // .subnetSelection(SubnetSelection) // .vpc(IVpc) .cluster(Cluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | selectors | java.util.List<Selector> | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | software.amazon.awscdk.services.ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`selectors\`Required - *Type:* java.util.List<Selector> The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional - *Type:* java.lang.String - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`cluster\`Required - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.FargateProfile; FargateProfile.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | fargateProfileArn | java.lang.String | The full Amazon Resource Name (ARN) of the Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | tags | software.amazon.awscdk.core.TagManager | Resource tags. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`fargateProfileArn\`Required \`\`\`java public java.lang.String getFargateProfileArn(); \`\`\` - *Type:* java.lang.String The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`fargateProfileName\`Required \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String The name of the Fargate profile. --- ##### \`podExecutionRole\`Required \`\`\`java public IRole getPodExecutionRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`tags\`Required \`\`\`java public TagManager getTags(); \`\`\` - *Type:* software.amazon.awscdk.core.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.HelmChart; HelmChart.Builder.create(Construct scope, java.lang.String id) .chart(java.lang.String) // .createNamespace(java.lang.Boolean) // .namespace(java.lang.String) // .release(java.lang.String) // .repository(java.lang.String) // .timeout(Duration) // .values(java.util.Map) // .version(java.lang.String) // .wait(java.lang.Boolean) .cluster(ICluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | chart | java.lang.String | The name of the chart. | | createNamespace | java.lang.Boolean | create namespace if not exist. | | namespace | java.lang.String | The Kubernetes namespace scope of the requests. | | release | java.lang.String | The name of the release. | | repository | java.lang.String | The repository which contains the chart. | | timeout | software.amazon.awscdk.core.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | java.util.Map | The values to be used by the chart. | | version | java.lang.String | The chart version to install. | | wait | java.lang.Boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`chart\`Required - *Type:* java.lang.String The name of the chart. --- ##### \`createNamespace\`Optional - *Type:* java.lang.Boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional - *Type:* java.lang.String - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional - *Type:* java.lang.String - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional - *Type:* java.lang.String - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional - *Type:* java.util.Map - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional - *Type:* java.lang.String - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional - *Type:* java.lang.Boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.HelmChart; HelmChart.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | java.lang.String | The CloudFormation resource type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`java public java.lang.String getResourceType(); \`\`\` - *Type:* java.lang.String The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifest; KubernetesManifest.Builder.create(Construct scope, java.lang.String id) // .prune(java.lang.Boolean) // .skipValidation(java.lang.Boolean) .cluster(ICluster) .manifest(java.util.List>) // .overwrite(java.lang.Boolean) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | prune | java.lang.Boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | java.lang.Boolean | A flag to signify if the manifest validation should be skipped. | | cluster | ICluster | The EKS cluster to apply this manifest to. | | manifest | java.util.List> | The manifest to apply. | | overwrite | java.lang.Boolean | Overwrite any existing resources. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`prune\`Optional - *Type:* java.lang.Boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional - *Type:* java.lang.Boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`manifest\`Required - *Type:* java.util.List> The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`java List.of(Map.of( "apiVersion", "v1", "kind", "Pod", "metadata", Map.of("name", "mypod"), "spec", Map.of( "containers", List.of(Map.of("name", "hello", "image", "paulbouwer/hello-kubernetes:1.5", "ports", List.of(Map.of("containerPort", 8080))))))); \`\`\` ##### \`overwrite\`Optional - *Type:* java.lang.Boolean - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifest; KubernetesManifest.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | java.lang.String | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`java public java.lang.String getResourceType(); \`\`\` - *Type:* java.lang.String The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.KubernetesObjectValue; KubernetesObjectValue.Builder.create(Construct scope, java.lang.String id) .cluster(ICluster) .jsonPath(java.lang.String) .objectName(java.lang.String) .objectType(java.lang.String) // .objectNamespace(java.lang.String) // .timeout(Duration) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | cluster | ICluster | The EKS cluster to fetch attributes from. | | jsonPath | java.lang.String | JSONPath to the specific value. | | objectName | java.lang.String | The name of the object to query. | | objectType | java.lang.String | The object type to query. | | objectNamespace | java.lang.String | The namespace the object belongs to. | | timeout | software.amazon.awscdk.core.Duration | Timeout for waiting on a value. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`jsonPath\`Required - *Type:* java.lang.String JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`objectName\`Required - *Type:* java.lang.String The name of the object to query. --- ##### \`objectType\`Required - *Type:* java.lang.String The object type to query. (e.g 'service', 'pod'...) --- ##### \`objectNamespace\`Optional - *Type:* java.lang.String - *Default:* 'default' The namespace the object belongs to. --- ##### \`timeout\`Optional - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.KubernetesObjectValue; KubernetesObjectValue.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | value | java.lang.String | The value as a string token. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`value\`Required \`\`\`java public java.lang.String getValue(); \`\`\` - *Type:* java.lang.String The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | java.lang.String | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`java public java.lang.String getResourceType(); \`\`\` - *Type:* java.lang.String The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.KubernetesPatch; KubernetesPatch.Builder.create(Construct scope, java.lang.String id) .applyPatch(java.util.Map) .cluster(ICluster) .resourceName(java.lang.String) .restorePatch(java.util.Map) // .patchType(PatchType) // .resourceNamespace(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | applyPatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | cluster | ICluster | The cluster to apply the patch to. | | resourceName | java.lang.String | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | restorePatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | patchType | PatchType | The patch type to pass to \`kubectl patch\`. | | resourceNamespace | java.lang.String | The kubernetes API namespace. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`applyPatch\`Required - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`cluster\`Required - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`resourceName\`Required - *Type:* java.lang.String The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`restorePatch\`Required - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`patchType\`Optional - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`resourceNamespace\`Optional - *Type:* java.lang.String - *Default:* "default" The kubernetes API namespace. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.KubernetesPatch; KubernetesPatch.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.Builder.create(Construct scope, java.lang.String id) // .amiType(NodegroupAmiType) // .capacityType(CapacityType) // .desiredSize(java.lang.Number) // .diskSize(java.lang.Number) // .forceUpdate(java.lang.Boolean) // .instanceType(InstanceType) // .instanceTypes(java.util.List) // .labels(java.util.Map) // .launchTemplateSpec(LaunchTemplateSpec) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) // .nodegroupName(java.lang.String) // .nodeRole(IRole) // .releaseVersion(java.lang.String) // .remoteAccess(NodegroupRemoteAccess) // .subnets(SubnetSelection) // .tags(java.util.Map) .cluster(ICluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | java.lang.Number | The current number of worker nodes that the managed node group should maintain. | | diskSize | java.lang.Number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | java.lang.Boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceType | software.amazon.awscdk.services.ec2.InstanceType | The instance type to use for your node group. | | instanceTypes | java.util.List | The instance types to use for your node group. | | labels | java.util.Map | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | java.lang.Number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | java.lang.Number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | java.lang.String | Name of the Nodegroup. | | nodeRole | software.amazon.awscdk.services.iam.IRole | The IAM role to associate with your node group. | | releaseVersion | java.lang.String | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | software.amazon.awscdk.services.ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | java.util.Map | The metadata to apply to the node group to assist with categorization and organization. | | cluster | ICluster | Cluster resource. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`amiType\`Optional - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional - *Type:* java.lang.Number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional - *Type:* java.lang.Number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional - *Type:* java.lang.Boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### ~~\`instanceType\`~~Optional - *Deprecated:* Use \`instanceTypes\` instead. - *Type:* software.amazon.awscdk.services.ec2.InstanceType - *Default:* t3.medium The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is \`t3.medium\`. If you choose a GPU instance type, be sure to specify the \`AL2_x86_64_GPU\` with the amiType parameter. --- ##### \`instanceTypes\`Optional - *Type:* java.util.List - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional - *Type:* java.util.Map - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional - *Type:* java.lang.Number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional - *Type:* java.lang.Number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional - *Type:* java.lang.String - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional - *Type:* java.lang.String - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional - *Type:* java.util.Map - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`cluster\`Required - *Type:* ICluster Cluster resource. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | fromNodegroupName | Import the Nodegroup from attributes. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- ##### \`fromNodegroupName\` \`\`\`java import software.amazon.awscdk.services.eks.Nodegroup; Nodegroup.fromNodegroupName(Construct scope, java.lang.String id, java.lang.String nodegroupName) \`\`\` Import the Nodegroup from attributes. ###### \`scope\`Required - *Type:* software.constructs.Construct --- ###### \`id\`Required - *Type:* java.lang.String --- ###### \`nodegroupName\`Required - *Type:* java.lang.String --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | cluster | ICluster | the Amazon EKS cluster resource. | | nodegroupArn | java.lang.String | ARN of the nodegroup. | | nodegroupName | java.lang.String | Nodegroup name. | | role | software.amazon.awscdk.services.iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`nodegroupArn\`Required \`\`\`java public java.lang.String getNodegroupArn(); \`\`\` - *Type:* java.lang.String ARN of the nodegroup. --- ##### \`nodegroupName\`Required \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String Nodegroup name. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.Builder.create(Construct scope, java.lang.String id) .url(java.lang.String) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | The definition scope. | | id | java.lang.String | Construct ID. | | url | java.lang.String | The URL of the identity provider. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct The definition scope. --- ##### \`id\`Required - *Type:* java.lang.String Construct ID. --- ##### \`url\`Required - *Type:* java.lang.String The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`java public void applyRemovalPolicy(RemovalPolicy policy) \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* software.amazon.awscdk.core.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | fromOpenIdConnectProviderArn | Imports an Open ID connect provider from an ARN. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- ##### \`isResource\` \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.isResource(IConstruct construct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* software.amazon.awscdk.core.IConstruct --- ##### \`fromOpenIdConnectProviderArn\` \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProvider; OpenIdConnectProvider.fromOpenIdConnectProviderArn(Construct scope, java.lang.String id, java.lang.String openIdConnectProviderArn) \`\`\` Imports an Open ID connect provider from an ARN. ###### \`scope\`Required - *Type:* software.constructs.Construct The definition scope. --- ###### \`id\`Required - *Type:* java.lang.String ID of the construct. --- ###### \`openIdConnectProviderArn\`Required - *Type:* java.lang.String the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | openIdConnectProviderArn | java.lang.String | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | openIdConnectProviderIssuer | java.lang.String | The issuer for OIDC Provider. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`openIdConnectProviderArn\`Required \`\`\`java public java.lang.String getOpenIdConnectProviderArn(); \`\`\` - *Type:* java.lang.String The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`openIdConnectProviderIssuer\`Required \`\`\`java public java.lang.String getOpenIdConnectProviderIssuer(); \`\`\` - *Type:* java.lang.String The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* software.amazon.awscdk.services.iam.IPrincipal Service Account. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccount; ServiceAccount.Builder.create(Construct scope, java.lang.String id) // .name(java.lang.String) // .namespace(java.lang.String) .cluster(ICluster) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | software.constructs.Construct | *No description.* | | id | java.lang.String | *No description.* | | name | java.lang.String | The name of the service account. | | namespace | java.lang.String | The namespace of the service account. | | cluster | ICluster | The cluster to apply the patch to. | --- ##### \`scope\`Required - *Type:* software.constructs.Construct --- ##### \`id\`Required - *Type:* java.lang.String --- ##### \`name\`Optional - *Type:* java.lang.String - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional - *Type:* java.lang.String - *Default:* "default" The namespace of the service account. --- ##### \`cluster\`Required - *Type:* ICluster The cluster to apply the patch to. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | addToPolicy | Add to the policy of this principal. | | addToPrincipalPolicy | Add to the policy of this principal. | --- ##### \`toString\` \`\`\`java public java.lang.String toString() \`\`\` Returns a string representation of this construct. ##### ~~\`addToPolicy\`~~ \`\`\`java public java.lang.Boolean addToPolicy(PolicyStatement statement) \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- ##### \`addToPrincipalPolicy\` \`\`\`java public AddToPrincipalPolicyResult addToPrincipalPolicy(PolicyStatement statement) \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* software.amazon.awscdk.services.iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | --- ##### \`isConstruct\` \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccount; ServiceAccount.isConstruct(java.lang.Object x) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* java.lang.Object --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node associated with this construct. | | assumeRoleAction | java.lang.String | When this Principal is used in an AssumeRole policy, the action to use. | | grantPrincipal | software.amazon.awscdk.services.iam.IPrincipal | The principal to grant permissions to. | | policyFragment | software.amazon.awscdk.services.iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | role | software.amazon.awscdk.services.iam.IRole | The role which is linked to the service account. | | serviceAccountName | java.lang.String | The name of the service account. | | serviceAccountNamespace | java.lang.String | The namespace where the service account is located in. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`assumeRoleAction\`Required \`\`\`java public java.lang.String getAssumeRoleAction(); \`\`\` - *Type:* java.lang.String When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`grantPrincipal\`Required \`\`\`java public IPrincipal getGrantPrincipal(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IPrincipal The principal to grant permissions to. --- ##### \`policyFragment\`Required \`\`\`java public PrincipalPolicyFragment getPolicyFragment(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`role\`Required \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole The role which is linked to the service account. --- ##### \`serviceAccountName\`Required \`\`\`java public java.lang.String getServiceAccountName(); \`\`\` - *Type:* java.lang.String The name of the service account. --- ##### \`serviceAccountNamespace\`Required \`\`\`java public java.lang.String getServiceAccountNamespace(); \`\`\` - *Type:* java.lang.String The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AutoScalingGroupCapacityOptions; AutoScalingGroupCapacityOptions.builder() // .allowAllOutbound(java.lang.Boolean) // .associatePublicIpAddress(java.lang.Boolean) // .autoScalingGroupName(java.lang.String) // .blockDevices(java.util.List) // .cooldown(Duration) // .desiredCapacity(java.lang.Number) // .groupMetrics(java.util.List) // .healthCheck(HealthCheck) // .ignoreUnmodifiedSizeProperties(java.lang.Boolean) // .instanceMonitoring(Monitoring) // .keyName(java.lang.String) // .maxCapacity(java.lang.Number) // .maxInstanceLifetime(Duration) // .minCapacity(java.lang.Number) // .newInstancesProtectedFromScaleIn(java.lang.Boolean) // .notifications(java.util.List) // .notificationsTopic(ITopic) // .replacingUpdateMinSuccessfulInstancesPercent(java.lang.Number) // .resourceSignalCount(java.lang.Number) // .resourceSignalTimeout(Duration) // .rollingUpdateConfiguration(RollingUpdateConfiguration) // .signals(Signals) // .spotPrice(java.lang.String) // .updatePolicy(UpdatePolicy) // .updateType(UpdateType) // .vpcSubnets(SubnetSelection) .instanceType(InstanceType) // .bootstrapEnabled(java.lang.Boolean) // .bootstrapOptions(BootstrapOptions) // .machineImageType(MachineImageType) // .mapRole(java.lang.Boolean) // .spotInterruptHandler(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | allowAllOutbound | java.lang.Boolean | Whether the instances can initiate connections to anywhere by default. | | associatePublicIpAddress | java.lang.Boolean | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | autoScalingGroupName | java.lang.String | The name of the Auto Scaling group. | | blockDevices | java.util.List | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | cooldown | software.amazon.awscdk.core.Duration | Default scaling cooldown for this AutoScalingGroup. | | desiredCapacity | java.lang.Number | Initial amount of instances in the fleet. | | groupMetrics | java.util.List | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | healthCheck | software.amazon.awscdk.services.autoscaling.HealthCheck | Configuration for health checks. | | ignoreUnmodifiedSizeProperties | java.lang.Boolean | If the ASG has scheduled actions, don't reset unchanged group sizes. | | instanceMonitoring | software.amazon.awscdk.services.autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | keyName | java.lang.String | Name of SSH keypair to grant access to instances. | | maxCapacity | java.lang.Number | Maximum number of instances in the fleet. | | maxInstanceLifetime | software.amazon.awscdk.core.Duration | The maximum amount of time that an instance can be in service. | | minCapacity | java.lang.Number | Minimum number of instances in the fleet. | | newInstancesProtectedFromScaleIn | java.lang.Boolean | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | notifications | java.util.List | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | notificationsTopic | software.amazon.awscdk.services.sns.ITopic | SNS topic to send notifications about fleet changes. | | replacingUpdateMinSuccessfulInstancesPercent | java.lang.Number | Configuration for replacing updates. | | resourceSignalCount | java.lang.Number | How many ResourceSignal calls CloudFormation expects before the resource is considered created. | | resourceSignalTimeout | software.amazon.awscdk.core.Duration | The length of time to wait for the resourceSignalCount. | | rollingUpdateConfiguration | software.amazon.awscdk.services.autoscaling.RollingUpdateConfiguration | Configuration for rolling updates. | | signals | software.amazon.awscdk.services.autoscaling.Signals | Configure waiting for signals during deployment. | | spotPrice | java.lang.String | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | updatePolicy | software.amazon.awscdk.services.autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | updateType | software.amazon.awscdk.services.autoscaling.UpdateType | What to do when an AutoScalingGroup's instance configuration is changed. | | vpcSubnets | software.amazon.awscdk.services.ec2.SubnetSelection | Where to place instances within the VPC. | | instanceType | software.amazon.awscdk.services.ec2.InstanceType | Instance type of the instances to start. | | bootstrapEnabled | java.lang.Boolean | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrapOptions | BootstrapOptions | EKS node bootstrapping options. | | machineImageType | MachineImageType | Machine image type. | | mapRole | java.lang.Boolean | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spotInterruptHandler | java.lang.Boolean | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`allowAllOutbound\`Optional \`\`\`java public java.lang.Boolean getAllowAllOutbound(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`associatePublicIpAddress\`Optional \`\`\`java public java.lang.Boolean getAssociatePublicIpAddress(); \`\`\` - *Type:* java.lang.Boolean - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`autoScalingGroupName\`Optional \`\`\`java public java.lang.String getAutoScalingGroupName(); \`\`\` - *Type:* java.lang.String - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`blockDevices\`Optional \`\`\`java public java.util.List getBlockDevices(); \`\`\` - *Type:* java.util.List - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`cooldown\`Optional \`\`\`java public Duration getCooldown(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`desiredCapacity\`Optional \`\`\`java public java.lang.Number getDesiredCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`groupMetrics\`Optional \`\`\`java public java.util.List getGroupMetrics(); \`\`\` - *Type:* java.util.List - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`healthCheck\`Optional \`\`\`java public HealthCheck getHealthCheck(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`ignoreUnmodifiedSizeProperties\`Optional \`\`\`java public java.lang.Boolean getIgnoreUnmodifiedSizeProperties(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`instanceMonitoring\`Optional \`\`\`java public Monitoring getInstanceMonitoring(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`keyName\`Optional \`\`\`java public java.lang.String getKeyName(); \`\`\` - *Type:* java.lang.String - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`maxCapacity\`Optional \`\`\`java public java.lang.Number getMaxCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`maxInstanceLifetime\`Optional \`\`\`java public Duration getMaxInstanceLifetime(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`minCapacity\`Optional \`\`\`java public java.lang.Number getMinCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`newInstancesProtectedFromScaleIn\`Optional \`\`\`java public java.lang.Boolean getNewInstancesProtectedFromScaleIn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`notifications\`Optional \`\`\`java public java.util.List getNotifications(); \`\`\` - *Type:* java.util.List - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### ~~\`notificationsTopic\`~~Optional - *Deprecated:* use \`notifications\` \`\`\`java public ITopic getNotificationsTopic(); \`\`\` - *Type:* software.amazon.awscdk.services.sns.ITopic - *Default:* No fleet change notifications will be sent. SNS topic to send notifications about fleet changes. --- ##### ~~\`replacingUpdateMinSuccessfulInstancesPercent\`~~Optional - *Deprecated:* Use \`signals\` instead \`\`\`java public java.lang.Number getReplacingUpdateMinSuccessfulInstancesPercent(); \`\`\` - *Type:* java.lang.Number - *Default:* minSuccessfulInstancesPercent Configuration for replacing updates. Only used if updateType == UpdateType.ReplacingUpdate. Specifies how many instances must signal success for the update to succeed. --- ##### ~~\`resourceSignalCount\`~~Optional - *Deprecated:* Use \`signals\` instead. \`\`\`java public java.lang.Number getResourceSignalCount(); \`\`\` - *Type:* java.lang.Number - *Default:* 1 if resourceSignalTimeout is set, 0 otherwise How many ResourceSignal calls CloudFormation expects before the resource is considered created. --- ##### ~~\`resourceSignalTimeout\`~~Optional - *Deprecated:* Use \`signals\` instead. \`\`\`java public Duration getResourceSignalTimeout(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) if resourceSignalCount is set, N/A otherwise The length of time to wait for the resourceSignalCount. The maximum value is 43200 (12 hours). --- ##### ~~\`rollingUpdateConfiguration\`~~Optional - *Deprecated:* Use \`updatePolicy\` instead \`\`\`java public RollingUpdateConfiguration getRollingUpdateConfiguration(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.RollingUpdateConfiguration - *Default:* RollingUpdateConfiguration with defaults. Configuration for rolling updates. Only used if updateType == UpdateType.RollingUpdate. --- ##### \`signals\`Optional \`\`\`java public Signals getSignals(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`spotPrice\`Optional \`\`\`java public java.lang.String getSpotPrice(); \`\`\` - *Type:* java.lang.String - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`updatePolicy\`Optional \`\`\`java public UpdatePolicy getUpdatePolicy(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### ~~\`updateType\`~~Optional - *Deprecated:* Use \`updatePolicy\` instead \`\`\`java public UpdateType getUpdateType(); \`\`\` - *Type:* software.amazon.awscdk.services.autoscaling.UpdateType - *Default:* UpdateType.None What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`vpcSubnets\`Optional \`\`\`java public SubnetSelection getVpcSubnets(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`instanceType\`Required \`\`\`java public InstanceType getInstanceType(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.InstanceType Instance type of the instances to start. --- ##### \`bootstrapEnabled\`Optional \`\`\`java public java.lang.Boolean getBootstrapEnabled(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrapOptions\`Optional \`\`\`java public BootstrapOptions getBootstrapOptions(); \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`machineImageType\`Optional \`\`\`java public MachineImageType getMachineImageType(); \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`mapRole\`Optional \`\`\`java public java.lang.Boolean getMapRole(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spotInterruptHandler\`Optional \`\`\`java public java.lang.Boolean getSpotInterruptHandler(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AutoScalingGroupOptions; AutoScalingGroupOptions.builder() // .bootstrapEnabled(java.lang.Boolean) // .bootstrapOptions(BootstrapOptions) // .machineImageType(MachineImageType) // .mapRole(java.lang.Boolean) // .spotInterruptHandler(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | bootstrapEnabled | java.lang.Boolean | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrapOptions | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | machineImageType | MachineImageType | Allow options to specify different machine image type. | | mapRole | java.lang.Boolean | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spotInterruptHandler | java.lang.Boolean | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`bootstrapEnabled\`Optional \`\`\`java public java.lang.Boolean getBootstrapEnabled(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrapOptions\`Optional \`\`\`java public BootstrapOptions getBootstrapOptions(); \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`machineImageType\`Optional \`\`\`java public MachineImageType getMachineImageType(); \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`mapRole\`Optional \`\`\`java public java.lang.Boolean getMapRole(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spotInterruptHandler\`Optional \`\`\`java public java.lang.Boolean getSpotInterruptHandler(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AwsAuthMapping; AwsAuthMapping.builder() .groups(java.util.List) // .username(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | groups | java.util.List | A list of groups within Kubernetes to which the role is mapped. | | username | java.lang.String | The user name within Kubernetes to map to the IAM role. | --- ##### \`groups\`Required \`\`\`java public java.util.List getGroups(); \`\`\` - *Type:* java.util.List A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`username\`Optional \`\`\`java public java.lang.String getUsername(); \`\`\` - *Type:* java.lang.String - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.AwsAuthProps; AwsAuthProps.builder() .cluster(Cluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`cluster\`Required \`\`\`java public Cluster getCluster(); \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.BootstrapOptions; BootstrapOptions.builder() // .additionalArgs(java.lang.String) // .awsApiRetryAttempts(java.lang.Number) // .dnsClusterIp(java.lang.String) // .dockerConfigJson(java.lang.String) // .enableDockerBridge(java.lang.Boolean) // .kubeletExtraArgs(java.lang.String) // .useMaxPods(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | additionalArgs | java.lang.String | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | awsApiRetryAttempts | java.lang.Number | Number of retry attempts for AWS API call (DescribeCluster). | | dnsClusterIp | java.lang.String | Overrides the IP address to use for DNS queries within the cluster. | | dockerConfigJson | java.lang.String | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | enableDockerBridge | java.lang.Boolean | Restores the docker default bridge network. | | kubeletExtraArgs | java.lang.String | Extra arguments to add to the kubelet. | | useMaxPods | java.lang.Boolean | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`additionalArgs\`Optional \`\`\`java public java.lang.String getAdditionalArgs(); \`\`\` - *Type:* java.lang.String - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`awsApiRetryAttempts\`Optional \`\`\`java public java.lang.Number getAwsApiRetryAttempts(); \`\`\` - *Type:* java.lang.Number - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`dnsClusterIp\`Optional \`\`\`java public java.lang.String getDnsClusterIp(); \`\`\` - *Type:* java.lang.String - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`dockerConfigJson\`Optional \`\`\`java public java.lang.String getDockerConfigJson(); \`\`\` - *Type:* java.lang.String - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`enableDockerBridge\`Optional \`\`\`java public java.lang.Boolean getEnableDockerBridge(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Restores the docker default bridge network. --- ##### \`kubeletExtraArgs\`Optional \`\`\`java public java.lang.String getKubeletExtraArgs(); \`\`\` - *Type:* java.lang.String - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`java // Example automatically generated from non-compiling source. May contain errors. --node - labels;foo = bar , goo = far; \`\`\` ##### \`useMaxPods\`Optional \`\`\`java public java.lang.Boolean getUseMaxPods(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnAddonProps; CfnAddonProps.builder() .addonName(java.lang.String) .clusterName(java.lang.String) // .addonVersion(java.lang.String) // .resolveConflicts(java.lang.String) // .serviceAccountRoleArn(java.lang.String) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | addonName | java.lang.String | \`AWS::EKS::Addon.AddonName\`. | | clusterName | java.lang.String | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | java.lang.String | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | java.lang.String | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | java.lang.String | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | tags | java.util.List | \`AWS::EKS::Addon.Tags\`. | --- ##### \`addonName\`Required \`\`\`java public java.lang.String getAddonName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional \`\`\`java public java.lang.String getAddonVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional \`\`\`java public java.lang.String getResolveConflicts(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional \`\`\`java public java.lang.String getServiceAccountRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnClusterProps; CfnClusterProps.builder() .resourcesVpcConfig(ResourcesVpcConfigProperty) .resourcesVpcConfig(IResolvable) .roleArn(java.lang.String) // .encryptionConfig(IResolvable) // .encryptionConfig(java.util.List) // .kubernetesNetworkConfig(KubernetesNetworkConfigProperty) // .kubernetesNetworkConfig(IResolvable) // .name(java.lang.String) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | resourcesVpcConfig | ResourcesVpcConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | java.lang.String | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | software.amazon.awscdk.core.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | java.lang.String | \`AWS::EKS::Cluster.Name\`. | | version | java.lang.String | \`AWS::EKS::Cluster.Version\`. | --- ##### \`resourcesVpcConfig\`Required \`\`\`java public java.lang.Object getResourcesVpcConfig(); \`\`\` - *Type:* ResourcesVpcConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required \`\`\`java public java.lang.String getRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional \`\`\`java public java.lang.Object getEncryptionConfig(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<EncryptionConfigProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional \`\`\`java public java.lang.Object getKubernetesNetworkConfig(); \`\`\` - *Type:* KubernetesNetworkConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfileProps; CfnFargateProfileProps.builder() .clusterName(java.lang.String) .podExecutionRoleArn(java.lang.String) .selectors(IResolvable) .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .subnets(java.util.List) // .tags(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | java.lang.String | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | java.lang.String | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | software.amazon.awscdk.core.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | java.lang.String | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | java.util.List | \`AWS::EKS::FargateProfile.Subnets\`. | | tags | java.util.List | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required \`\`\`java public java.lang.String getPodExecutionRoleArn(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`java public java.lang.Object getSelectors(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<SelectorProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`tags\`Optional \`\`\`java public java.util.List getTags(); \`\`\` - *Type:* java.util.List \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroupProps; CfnNodegroupProps.builder() .clusterName(java.lang.String) .nodeRole(java.lang.String) .subnets(java.util.List) // .amiType(java.lang.String) // .capacityType(java.lang.String) // .diskSize(java.lang.Number) // .forceUpdateEnabled(java.lang.Boolean) // .forceUpdateEnabled(IResolvable) // .instanceTypes(java.util.List) // .labels(java.lang.Object) // .launchTemplate(LaunchTemplateSpecificationProperty) // .launchTemplate(IResolvable) // .nodegroupName(java.lang.String) // .releaseVersion(java.lang.String) // .remoteAccess(RemoteAccessProperty) // .remoteAccess(IResolvable) // .scalingConfig(ScalingConfigProperty) // .scalingConfig(IResolvable) // .tags(java.lang.Object) // .taints(IResolvable) // .taints(java.util.List) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | java.lang.String | \`AWS::EKS::Nodegroup.ClusterName\`. | | nodeRole | java.lang.String | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | java.util.List | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | java.lang.String | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | java.lang.String | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | java.lang.Number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | java.lang.Boolean OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | java.util.List | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | labels | java.lang.Object | \`AWS::EKS::Nodegroup.Labels\`. | | launchTemplate | LaunchTemplateSpecificationProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | java.lang.String | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | java.lang.String | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty OR software.amazon.awscdk.core.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | tags | java.lang.Object | \`AWS::EKS::Nodegroup.Tags\`. | | taints | software.amazon.awscdk.core.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.core.IResolvable> | \`AWS::EKS::Nodegroup.Taints\`. | | version | java.lang.String | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`nodeRole\`Required \`\`\`java public java.lang.String getNodeRole(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`java public java.util.List getSubnets(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional \`\`\`java public java.lang.String getAmiType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional \`\`\`java public java.lang.String getCapacityType(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional \`\`\`java public java.lang.Object getForceUpdateEnabled(); \`\`\` - *Type:* java.lang.Boolean OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`java public java.lang.Object getLabels(); \`\`\` - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`launchTemplate\`Optional \`\`\`java public java.lang.Object getLaunchTemplate(); \`\`\` - *Type:* LaunchTemplateSpecificationProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional \`\`\`java public java.lang.Object getRemoteAccess(); \`\`\` - *Type:* RemoteAccessProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional \`\`\`java public java.lang.Object getScalingConfig(); \`\`\` - *Type:* ScalingConfigProperty OR software.amazon.awscdk.core.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`tags\`Optional \`\`\`java public java.lang.Object getTags(); \`\`\` - *Type:* java.lang.Object \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`taints\`Optional \`\`\`java public java.lang.Object getTaints(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<TaintProperty OR software.amazon.awscdk.core.IResolvable> \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ClusterAttributes; ClusterAttributes.builder() .clusterName(java.lang.String) // .clusterCertificateAuthorityData(java.lang.String) // .clusterEncryptionConfigKeyArn(java.lang.String) // .clusterEndpoint(java.lang.String) // .clusterSecurityGroupId(java.lang.String) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .kubectlPrivateSubnetIds(java.util.List) // .kubectlRoleArn(java.lang.String) // .kubectlSecurityGroupId(java.lang.String) // .openIdConnectProvider(IOpenIdConnectProvider) // .prune(java.lang.Boolean) // .securityGroupIds(java.util.List) // .vpc(IVpc) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | java.lang.String | The physical name of the Cluster. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The API Server endpoint URL. | | clusterSecurityGroupId | java.lang.String | The cluster security group that was created by Amazon EKS for the cluster. | | kubectlEnvironment | java.util.Map | Environment variables to use when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | Amount of memory to allocate to the provider's lambda function. | | kubectlPrivateSubnetIds | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRoleArn | java.lang.String | An IAM role with cluster administrator and "system:masters" permissions. | | kubectlSecurityGroupId | java.lang.String | A security group to use for \`kubectl\` execution. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | securityGroupIds | java.util.List | Additional security groups associated with this cluster. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The physical name of the Cluster. --- ##### \`clusterCertificateAuthorityData\`Optional \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Optional \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Optional \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`clusterSecurityGroupId\`Optional \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.core.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectlPrivateSubnetIds\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnetIds(); \`\`\` - *Type:* java.util.List - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectlRoleArn\`Optional \`\`\`java public java.lang.String getKubectlRoleArn(); \`\`\` - *Type:* java.lang.String - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`kubectlSecurityGroupId\`Optional \`\`\`java public java.lang.String getKubectlSecurityGroupId(); \`\`\` - *Type:* java.lang.String - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`openIdConnectProvider\`Optional \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`securityGroupIds\`Optional \`\`\`java public java.util.List getSecurityGroupIds(); \`\`\` - *Type:* java.util.List - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ClusterOptions; ClusterOptions.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`java public java.util.Map getClusterHandlerEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`java public CoreDnsComputeType getCoreDnsComputeType(); \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`java public EndpointAccess getEndpointAccess(); \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.core.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`java public IRole getMastersRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`java public java.lang.Boolean getOutputMastersRoleArn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`java public java.lang.Boolean getPlaceClusterHandlerInVpc(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`java public IKey getSecretsEncryptionKey(); \`\`\` - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ClusterProps; ClusterProps.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultCapacity(java.lang.Number) // .defaultCapacityInstance(InstanceType) // .defaultCapacityType(DefaultCapacityType) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultCapacity | java.lang.Number | Number of instances to allocate as an initial capacity for this cluster. | | defaultCapacityInstance | software.amazon.awscdk.services.ec2.InstanceType | The instance type to use for the default capacity. | | defaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`java public java.util.Map getClusterHandlerEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`java public CoreDnsComputeType getCoreDnsComputeType(); \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`java public EndpointAccess getEndpointAccess(); \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.core.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`java public IRole getMastersRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`java public java.lang.Boolean getOutputMastersRoleArn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`java public java.lang.Boolean getPlaceClusterHandlerInVpc(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`java public IKey getSecretsEncryptionKey(); \`\`\` - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultCapacity\`Optional \`\`\`java public java.lang.Number getDefaultCapacity(); \`\`\` - *Type:* java.lang.Number - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`defaultCapacityInstance\`Optional \`\`\`java public InstanceType getDefaultCapacityInstance(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`defaultCapacityType\`Optional \`\`\`java public DefaultCapacityType getDefaultCapacityType(); \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CommonClusterOptions; CommonClusterOptions.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.EksOptimizedImageProps; EksOptimizedImageProps.builder() // .cpuArch(CpuArch) // .kubernetesVersion(java.lang.String) // .nodeType(NodeType) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | kubernetesVersion | java.lang.String | The Kubernetes version to use. | | nodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`cpuArch\`Optional \`\`\`java public CpuArch getCpuArch(); \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`kubernetesVersion\`Optional \`\`\`java public java.lang.String getKubernetesVersion(); \`\`\` - *Type:* java.lang.String - *Default:* The latest version The Kubernetes version to use. --- ##### \`nodeType\`Optional \`\`\`java public NodeType getNodeType(); \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.EncryptionConfigProperty; EncryptionConfigProperty.builder() // .provider(ProviderProperty) // .provider(IResolvable) // .resources(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | provider | ProviderProperty OR software.amazon.awscdk.core.IResolvable | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | resources | java.util.List | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`provider\`Optional \`\`\`java public java.lang.Object getProvider(); \`\`\` - *Type:* ProviderProperty OR software.amazon.awscdk.core.IResolvable \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`resources\`Optional \`\`\`java public java.util.List getResources(); \`\`\` - *Type:* java.util.List \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.FargateClusterProps; FargateClusterProps.builder() .version(KubernetesVersion) // .clusterName(java.lang.String) // .outputClusterName(java.lang.Boolean) // .outputConfigCommand(java.lang.Boolean) // .role(IRole) // .securityGroup(ISecurityGroup) // .vpc(IVpc) // .vpcSubnets(java.util.List) // .clusterHandlerEnvironment(java.util.Map) // .coreDnsComputeType(CoreDnsComputeType) // .endpointAccess(EndpointAccess) // .kubectlEnvironment(java.util.Map) // .kubectlLayer(ILayerVersion) // .kubectlMemory(Size) // .mastersRole(IRole) // .outputMastersRoleArn(java.lang.Boolean) // .placeClusterHandlerInVpc(java.lang.Boolean) // .prune(java.lang.Boolean) // .secretsEncryptionKey(IKey) // .defaultProfile(FargateProfileOptions) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | java.lang.String | Name for the cluster. | | outputClusterName | java.lang.Boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | java.lang.Boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | software.amazon.awscdk.services.iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | java.util.List | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | java.util.Map | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | java.util.Map | Environment variables for the kubectl execution. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | software.amazon.awscdk.services.iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | java.lang.Boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | java.lang.Boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | software.amazon.awscdk.services.kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`version\`Required \`\`\`java public KubernetesVersion getVersion(); \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`java public java.lang.Boolean getOutputClusterName(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`java public java.lang.Boolean getOutputConfigCommand(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`java public IRole getRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`java public ISecurityGroup getSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`java public java.util.List getVpcSubnets(); \`\`\` - *Type:* java.util.List - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`java public java.util.Map getClusterHandlerEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`java public CoreDnsComputeType getCoreDnsComputeType(); \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`java public EndpointAccess getEndpointAccess(); \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`java // Example automatically generated from non-compiling source. May contain errors. Object layer = LayerVersion.Builder.create(this, "kubectl-layer") .code(lambda.Code.fromAsset(String.format("%s/layer.zip", __dirname))) .build();[lambda.Runtime.PROVIDED] compatibleRuntimes; \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.core.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`java public IRole getMastersRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`java public java.lang.Boolean getOutputMastersRoleArn(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`java public java.lang.Boolean getPlaceClusterHandlerInVpc(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`java public IKey getSecretsEncryptionKey(); \`\`\` - *Type:* software.amazon.awscdk.services.kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultProfile\`Optional \`\`\`java public FargateProfileOptions getDefaultProfile(); \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.FargateProfileOptions; FargateProfileOptions.builder() .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .podExecutionRole(IRole) // .subnetSelection(SubnetSelection) // .vpc(IVpc) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | java.util.List<Selector> | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | software.amazon.awscdk.services.ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`selectors\`Required \`\`\`java public java.util.List getSelectors(); \`\`\` - *Type:* java.util.List<Selector> The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional \`\`\`java public IRole getPodExecutionRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional \`\`\`java public SubnetSelection getSubnetSelection(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.FargateProfileProps; FargateProfileProps.builder() .selectors(java.util.List) // .fargateProfileName(java.lang.String) // .podExecutionRole(IRole) // .subnetSelection(SubnetSelection) // .vpc(IVpc) .cluster(Cluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | java.util.List<Selector> | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | java.lang.String | The name of the Fargate profile. | | podExecutionRole | software.amazon.awscdk.services.iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | software.amazon.awscdk.services.ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`selectors\`Required \`\`\`java public java.util.List getSelectors(); \`\`\` - *Type:* java.util.List<Selector> The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional \`\`\`java public java.lang.String getFargateProfileName(); \`\`\` - *Type:* java.lang.String - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional \`\`\`java public IRole getPodExecutionRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional \`\`\`java public SubnetSelection getSubnetSelection(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`cluster\`Required \`\`\`java public Cluster getCluster(); \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.HelmChartOptions; HelmChartOptions.builder() .chart(java.lang.String) // .createNamespace(java.lang.Boolean) // .namespace(java.lang.String) // .release(java.lang.String) // .repository(java.lang.String) // .timeout(Duration) // .values(java.util.Map) // .version(java.lang.String) // .wait(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | java.lang.String | The name of the chart. | | createNamespace | java.lang.Boolean | create namespace if not exist. | | namespace | java.lang.String | The Kubernetes namespace scope of the requests. | | release | java.lang.String | The name of the release. | | repository | java.lang.String | The repository which contains the chart. | | timeout | software.amazon.awscdk.core.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | java.util.Map | The values to be used by the chart. | | version | java.lang.String | The chart version to install. | | wait | java.lang.Boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`chart\`Required \`\`\`java public java.lang.String getChart(); \`\`\` - *Type:* java.lang.String The name of the chart. --- ##### \`createNamespace\`Optional \`\`\`java public java.lang.Boolean getCreateNamespace(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`java public java.lang.String getRelease(); \`\`\` - *Type:* java.lang.String - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`java public java.lang.String getRepository(); \`\`\` - *Type:* java.lang.String - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`java public java.util.Map getValues(); \`\`\` - *Type:* java.util.Map - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`java public java.lang.Boolean getWait(); \`\`\` - *Type:* java.lang.Boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.HelmChartProps; HelmChartProps.builder() .chart(java.lang.String) // .createNamespace(java.lang.Boolean) // .namespace(java.lang.String) // .release(java.lang.String) // .repository(java.lang.String) // .timeout(Duration) // .values(java.util.Map) // .version(java.lang.String) // .wait(java.lang.Boolean) .cluster(ICluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | java.lang.String | The name of the chart. | | createNamespace | java.lang.Boolean | create namespace if not exist. | | namespace | java.lang.String | The Kubernetes namespace scope of the requests. | | release | java.lang.String | The name of the release. | | repository | java.lang.String | The repository which contains the chart. | | timeout | software.amazon.awscdk.core.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | java.util.Map | The values to be used by the chart. | | version | java.lang.String | The chart version to install. | | wait | java.lang.Boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`chart\`Required \`\`\`java public java.lang.String getChart(); \`\`\` - *Type:* java.lang.String The name of the chart. --- ##### \`createNamespace\`Optional \`\`\`java public java.lang.Boolean getCreateNamespace(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`java public java.lang.String getRelease(); \`\`\` - *Type:* java.lang.String - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`java public java.lang.String getRepository(); \`\`\` - *Type:* java.lang.String - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`java public java.util.Map getValues(); \`\`\` - *Type:* java.util.Map - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`java public java.lang.Boolean getWait(); \`\`\` - *Type:* java.lang.Boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifestOptions; KubernetesManifestOptions.builder() // .prune(java.lang.Boolean) // .skipValidation(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | java.lang.Boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | java.lang.Boolean | A flag to signify if the manifest validation should be skipped. | --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional \`\`\`java public java.lang.Boolean getSkipValidation(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesManifestProps; KubernetesManifestProps.builder() // .prune(java.lang.Boolean) // .skipValidation(java.lang.Boolean) .cluster(ICluster) .manifest(java.util.List>) // .overwrite(java.lang.Boolean) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | java.lang.Boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | java.lang.Boolean | A flag to signify if the manifest validation should be skipped. | | cluster | ICluster | The EKS cluster to apply this manifest to. | | manifest | java.util.List> | The manifest to apply. | | overwrite | java.lang.Boolean | Overwrite any existing resources. | --- ##### \`prune\`Optional \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional \`\`\`java public java.lang.Boolean getSkipValidation(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`manifest\`Required \`\`\`java public java.util.List> getManifest(); \`\`\` - *Type:* java.util.List> The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`java List.of(Map.of( "apiVersion", "v1", "kind", "Pod", "metadata", Map.of("name", "mypod"), "spec", Map.of( "containers", List.of(Map.of("name", "hello", "image", "paulbouwer/hello-kubernetes:1.5", "ports", List.of(Map.of("containerPort", 8080))))))); \`\`\` ##### \`overwrite\`Optional \`\`\`java public java.lang.Boolean getOverwrite(); \`\`\` - *Type:* java.lang.Boolean - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.KubernetesNetworkConfigProperty; KubernetesNetworkConfigProperty.builder() // .serviceIpv4Cidr(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | serviceIpv4Cidr | java.lang.String | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`serviceIpv4Cidr\`Optional \`\`\`java public java.lang.String getServiceIpv4Cidr(); \`\`\` - *Type:* java.lang.String \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesObjectValueProps; KubernetesObjectValueProps.builder() .cluster(ICluster) .jsonPath(java.lang.String) .objectName(java.lang.String) .objectType(java.lang.String) // .objectNamespace(java.lang.String) // .timeout(Duration) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | ICluster | The EKS cluster to fetch attributes from. | | jsonPath | java.lang.String | JSONPath to the specific value. | | objectName | java.lang.String | The name of the object to query. | | objectType | java.lang.String | The object type to query. | | objectNamespace | java.lang.String | The namespace the object belongs to. | | timeout | software.amazon.awscdk.core.Duration | Timeout for waiting on a value. | --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`jsonPath\`Required \`\`\`java public java.lang.String getJsonPath(); \`\`\` - *Type:* java.lang.String JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`objectName\`Required \`\`\`java public java.lang.String getObjectName(); \`\`\` - *Type:* java.lang.String The name of the object to query. --- ##### \`objectType\`Required \`\`\`java public java.lang.String getObjectType(); \`\`\` - *Type:* java.lang.String The object type to query. (e.g 'service', 'pod'...) --- ##### \`objectNamespace\`Optional \`\`\`java public java.lang.String getObjectNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* 'default' The namespace the object belongs to. --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.KubernetesPatchProps; KubernetesPatchProps.builder() .applyPatch(java.util.Map) .cluster(ICluster) .resourceName(java.lang.String) .restorePatch(java.util.Map) // .patchType(PatchType) // .resourceNamespace(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | applyPatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | cluster | ICluster | The cluster to apply the patch to. | | resourceName | java.lang.String | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | restorePatch | java.util.Map | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | patchType | PatchType | The patch type to pass to \`kubectl patch\`. | | resourceNamespace | java.lang.String | The kubernetes API namespace. | --- ##### \`applyPatch\`Required \`\`\`java public java.util.Map getApplyPatch(); \`\`\` - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`resourceName\`Required \`\`\`java public java.lang.String getResourceName(); \`\`\` - *Type:* java.lang.String The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`restorePatch\`Required \`\`\`java public java.util.Map getRestorePatch(); \`\`\` - *Type:* java.util.Map The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`patchType\`Optional \`\`\`java public PatchType getPatchType(); \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`resourceNamespace\`Optional \`\`\`java public java.lang.String getResourceNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile.LabelProperty; LabelProperty.builder() .key(java.lang.String) .value(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | key | java.lang.String | \`CfnFargateProfile.LabelProperty.Key\`. | | value | java.lang.String | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`key\`Required \`\`\`java public java.lang.String getKey(); \`\`\` - *Type:* java.lang.String \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`value\`Required \`\`\`java public java.lang.String getValue(); \`\`\` - *Type:* java.lang.String \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.LaunchTemplateSpec; LaunchTemplateSpec.builder() .id(java.lang.String) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | java.lang.String | The Launch template ID. | | version | java.lang.String | The launch template version to be used (optional). | --- ##### \`id\`Required \`\`\`java public java.lang.String getId(); \`\`\` - *Type:* java.lang.String The Launch template ID. --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.LaunchTemplateSpecificationProperty; LaunchTemplateSpecificationProperty.builder() // .id(java.lang.String) // .name(java.lang.String) // .version(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | java.lang.String | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | name | java.lang.String | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | version | java.lang.String | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`id\`Optional \`\`\`java public java.lang.String getId(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`version\`Optional \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.NodegroupOptions; NodegroupOptions.builder() // .amiType(NodegroupAmiType) // .capacityType(CapacityType) // .desiredSize(java.lang.Number) // .diskSize(java.lang.Number) // .forceUpdate(java.lang.Boolean) // .instanceType(InstanceType) // .instanceTypes(java.util.List) // .labels(java.util.Map) // .launchTemplateSpec(LaunchTemplateSpec) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) // .nodegroupName(java.lang.String) // .nodeRole(IRole) // .releaseVersion(java.lang.String) // .remoteAccess(NodegroupRemoteAccess) // .subnets(SubnetSelection) // .tags(java.util.Map) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | java.lang.Number | The current number of worker nodes that the managed node group should maintain. | | diskSize | java.lang.Number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | java.lang.Boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceType | software.amazon.awscdk.services.ec2.InstanceType | The instance type to use for your node group. | | instanceTypes | java.util.List | The instance types to use for your node group. | | labels | java.util.Map | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | java.lang.Number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | java.lang.Number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | java.lang.String | Name of the Nodegroup. | | nodeRole | software.amazon.awscdk.services.iam.IRole | The IAM role to associate with your node group. | | releaseVersion | java.lang.String | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | software.amazon.awscdk.services.ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | java.util.Map | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`amiType\`Optional \`\`\`java public NodegroupAmiType getAmiType(); \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional \`\`\`java public CapacityType getCapacityType(); \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional \`\`\`java public java.lang.Number getDesiredSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional \`\`\`java public java.lang.Boolean getForceUpdate(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### ~~\`instanceType\`~~Optional - *Deprecated:* Use \`instanceTypes\` instead. \`\`\`java public InstanceType getInstanceType(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.InstanceType - *Default:* t3.medium The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is \`t3.medium\`. If you choose a GPU instance type, be sure to specify the \`AL2_x86_64_GPU\` with the amiType parameter. --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`java public java.util.Map getLabels(); \`\`\` - *Type:* java.util.Map - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional \`\`\`java public LaunchTemplateSpec getLaunchTemplateSpec(); \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional \`\`\`java public java.lang.Number getMaxSize(); \`\`\` - *Type:* java.lang.Number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional \`\`\`java public java.lang.Number getMinSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional \`\`\`java public IRole getNodeRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional \`\`\`java public NodegroupRemoteAccess getRemoteAccess(); \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`java public SubnetSelection getSubnets(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`java public java.util.Map getTags(); \`\`\` - *Type:* java.util.Map - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.NodegroupProps; NodegroupProps.builder() // .amiType(NodegroupAmiType) // .capacityType(CapacityType) // .desiredSize(java.lang.Number) // .diskSize(java.lang.Number) // .forceUpdate(java.lang.Boolean) // .instanceType(InstanceType) // .instanceTypes(java.util.List) // .labels(java.util.Map) // .launchTemplateSpec(LaunchTemplateSpec) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) // .nodegroupName(java.lang.String) // .nodeRole(IRole) // .releaseVersion(java.lang.String) // .remoteAccess(NodegroupRemoteAccess) // .subnets(SubnetSelection) // .tags(java.util.Map) .cluster(ICluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | java.lang.Number | The current number of worker nodes that the managed node group should maintain. | | diskSize | java.lang.Number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | java.lang.Boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceType | software.amazon.awscdk.services.ec2.InstanceType | The instance type to use for your node group. | | instanceTypes | java.util.List | The instance types to use for your node group. | | labels | java.util.Map | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | java.lang.Number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | java.lang.Number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | java.lang.String | Name of the Nodegroup. | | nodeRole | software.amazon.awscdk.services.iam.IRole | The IAM role to associate with your node group. | | releaseVersion | java.lang.String | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | software.amazon.awscdk.services.ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | java.util.Map | The metadata to apply to the node group to assist with categorization and organization. | | cluster | ICluster | Cluster resource. | --- ##### \`amiType\`Optional \`\`\`java public NodegroupAmiType getAmiType(); \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional \`\`\`java public CapacityType getCapacityType(); \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional \`\`\`java public java.lang.Number getDesiredSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional \`\`\`java public java.lang.Number getDiskSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional \`\`\`java public java.lang.Boolean getForceUpdate(); \`\`\` - *Type:* java.lang.Boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### ~~\`instanceType\`~~Optional - *Deprecated:* Use \`instanceTypes\` instead. \`\`\`java public InstanceType getInstanceType(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.InstanceType - *Default:* t3.medium The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is \`t3.medium\`. If you choose a GPU instance type, be sure to specify the \`AL2_x86_64_GPU\` with the amiType parameter. --- ##### \`instanceTypes\`Optional \`\`\`java public java.util.List getInstanceTypes(); \`\`\` - *Type:* java.util.List - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`java public java.util.Map getLabels(); \`\`\` - *Type:* java.util.Map - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional \`\`\`java public LaunchTemplateSpec getLaunchTemplateSpec(); \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional \`\`\`java public java.lang.Number getMaxSize(); \`\`\` - *Type:* java.lang.Number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional \`\`\`java public java.lang.Number getMinSize(); \`\`\` - *Type:* java.lang.Number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional \`\`\`java public IRole getNodeRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional \`\`\`java public java.lang.String getReleaseVersion(); \`\`\` - *Type:* java.lang.String - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional \`\`\`java public NodegroupRemoteAccess getRemoteAccess(); \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`java public SubnetSelection getSubnets(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`java public java.util.Map getTags(); \`\`\` - *Type:* java.util.Map - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.NodegroupRemoteAccess; NodegroupRemoteAccess.builder() .sshKeyName(java.lang.String) // .sourceSecurityGroups(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | sshKeyName | java.lang.String | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | sourceSecurityGroups | java.util.List | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`sshKeyName\`Required \`\`\`java public java.lang.String getSshKeyName(); \`\`\` - *Type:* java.lang.String The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`sourceSecurityGroups\`Optional \`\`\`java public java.util.List getSourceSecurityGroups(); \`\`\` - *Type:* java.util.List - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.OpenIdConnectProviderProps; OpenIdConnectProviderProps.builder() .url(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | url | java.lang.String | The URL of the identity provider. | --- ##### \`url\`Required \`\`\`java public java.lang.String getUrl(); \`\`\` - *Type:* java.lang.String The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.ProviderProperty; ProviderProperty.builder() // .keyArn(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | keyArn | java.lang.String | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`keyArn\`Optional \`\`\`java public java.lang.String getKeyArn(); \`\`\` - *Type:* java.lang.String \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.RemoteAccessProperty; RemoteAccessProperty.builder() .ec2SshKey(java.lang.String) // .sourceSecurityGroups(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ec2SshKey | java.lang.String | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | sourceSecurityGroups | java.util.List | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`ec2SshKey\`Required \`\`\`java public java.lang.String getEc2SshKey(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`sourceSecurityGroups\`Optional \`\`\`java public java.util.List getSourceSecurityGroups(); \`\`\` - *Type:* java.util.List \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnCluster.ResourcesVpcConfigProperty; ResourcesVpcConfigProperty.builder() .subnetIds(java.util.List) // .securityGroupIds(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | subnetIds | java.util.List | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | securityGroupIds | java.util.List | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`subnetIds\`Required \`\`\`java public java.util.List getSubnetIds(); \`\`\` - *Type:* java.util.List \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`securityGroupIds\`Optional \`\`\`java public java.util.List getSecurityGroupIds(); \`\`\` - *Type:* java.util.List \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.ScalingConfigProperty; ScalingConfigProperty.builder() // .desiredSize(java.lang.Number) // .maxSize(java.lang.Number) // .minSize(java.lang.Number) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | desiredSize | java.lang.Number | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | maxSize | java.lang.Number | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | minSize | java.lang.Number | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`desiredSize\`Optional \`\`\`java public java.lang.Number getDesiredSize(); \`\`\` - *Type:* java.lang.Number \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`maxSize\`Optional \`\`\`java public java.lang.Number getMaxSize(); \`\`\` - *Type:* java.lang.Number \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`minSize\`Optional \`\`\`java public java.lang.Number getMinSize(); \`\`\` - *Type:* java.lang.Number \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.Selector; Selector.builder() .namespace(java.lang.String) // .labels(java.util.Map) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | java.lang.String | The Kubernetes namespace that the selector should match. | | labels | java.util.Map | The Kubernetes labels that the selector should match. | --- ##### \`namespace\`Required \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`labels\`Optional \`\`\`java public java.util.Map getLabels(); \`\`\` - *Type:* java.util.Map - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnFargateProfile.SelectorProperty; SelectorProperty.builder() .namespace(java.lang.String) // .labels(IResolvable) // .labels(java.util.List) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | java.lang.String | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | labels | software.amazon.awscdk.core.IResolvable OR java.util.List<LabelProperty OR software.amazon.awscdk.core.IResolvable> | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`namespace\`Required \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`labels\`Optional \`\`\`java public java.lang.Object getLabels(); \`\`\` - *Type:* software.amazon.awscdk.core.IResolvable OR java.util.List<LabelProperty OR software.amazon.awscdk.core.IResolvable> \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccountOptions; ServiceAccountOptions.builder() // .name(java.lang.String) // .namespace(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | java.lang.String | The name of the service account. | | namespace | java.lang.String | The namespace of the service account. | --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ServiceAccountProps; ServiceAccountProps.builder() // .name(java.lang.String) // .namespace(java.lang.String) .cluster(ICluster) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | java.lang.String | The name of the service account. | | namespace | java.lang.String | The namespace of the service account. | | cluster | ICluster | The cluster to apply the patch to. | --- ##### \`name\`Optional \`\`\`java public java.lang.String getName(); \`\`\` - *Type:* java.lang.String - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* "default" The namespace of the service account. --- ##### \`cluster\`Required \`\`\`java public ICluster getCluster(); \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.ServiceLoadBalancerAddressOptions; ServiceLoadBalancerAddressOptions.builder() // .namespace(java.lang.String) // .timeout(Duration) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | java.lang.String | The namespace the service belongs to. | | timeout | software.amazon.awscdk.core.Duration | Timeout for waiting on the load balancer address. | --- ##### \`namespace\`Optional \`\`\`java public java.lang.String getNamespace(); \`\`\` - *Type:* java.lang.String - *Default:* 'default' The namespace the service belongs to. --- ##### \`timeout\`Optional \`\`\`java public Duration getTimeout(); \`\`\` - *Type:* software.amazon.awscdk.core.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`java import software.amazon.awscdk.services.eks.CfnNodegroup.TaintProperty; TaintProperty.builder() // .effect(java.lang.String) // .key(java.lang.String) // .value(java.lang.String) .build(); \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | effect | java.lang.String | \`CfnNodegroup.TaintProperty.Effect\`. | | key | java.lang.String | \`CfnNodegroup.TaintProperty.Key\`. | | value | java.lang.String | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`effect\`Optional \`\`\`java public java.lang.String getEffect(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`key\`Optional \`\`\`java public java.lang.String getKey(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`value\`Optional \`\`\`java public java.lang.String getValue(); \`\`\` - *Type:* java.lang.String \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* software.amazon.awscdk.services.ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`java import software.amazon.awscdk.services.eks.EksOptimizedImage; EksOptimizedImage.Builder.create() // .cpuArch(CpuArch) // .kubernetesVersion(java.lang.String) // .nodeType(NodeType) .build(); \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | cpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | kubernetesVersion | java.lang.String | The Kubernetes version to use. | | nodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`cpuArch\`Optional - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`kubernetesVersion\`Optional - *Type:* java.lang.String - *Default:* The latest version The Kubernetes version to use. --- ##### \`nodeType\`Optional - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- #### Methods | **Name** | **Description** | | --- | --- | | getImage | Return the correct image. | --- ##### \`getImage\` \`\`\`java public MachineImageConfig getImage(Construct scope) \`\`\` Return the correct image. ###### \`scope\`Required - *Type:* software.amazon.awscdk.core.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | onlyFrom | Restrict public access to specific CIDR blocks. | --- ##### \`onlyFrom\` \`\`\`java public EndpointAccess onlyFrom(java.lang.String cidr) \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`cidr\`Required - *Type:* java.lang.String CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | PRIVATE | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | PUBLIC | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PUBLIC_AND_PRIVATE | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`PRIVATE\`Required \`\`\`java public EndpointAccess getPrivate(); \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`PUBLIC\`Required \`\`\`java public EndpointAccess getPublic(); \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PUBLIC_AND_PRIVATE\`Required \`\`\`java public EndpointAccess getPublicAndPrivate(); \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | of | Custom cluster version. | --- ##### \`of\` \`\`\`java import software.amazon.awscdk.services.eks.KubernetesVersion; KubernetesVersion.of(java.lang.String version) \`\`\` Custom cluster version. ###### \`version\`Required - *Type:* java.lang.String custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | java.lang.String | cluster version number. | --- ##### \`version\`Required \`\`\`java public java.lang.String getVersion(); \`\`\` - *Type:* java.lang.String cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V1_14 | KubernetesVersion | Kubernetes version 1.14. | | V1_15 | KubernetesVersion | Kubernetes version 1.15. | | V1_16 | KubernetesVersion | Kubernetes version 1.16. | | V1_17 | KubernetesVersion | Kubernetes version 1.17. | | V1_18 | KubernetesVersion | Kubernetes version 1.18. | | V1_19 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V1_14\`Required \`\`\`java public KubernetesVersion getV114(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V1_15\`Required \`\`\`java public KubernetesVersion getV115(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V1_16\`Required \`\`\`java public KubernetesVersion getV116(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V1_17\`Required \`\`\`java public KubernetesVersion getV117(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V1_18\`Required \`\`\`java public KubernetesVersion getV118(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V1_19\`Required \`\`\`java public KubernetesVersion getV119(); \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* software.amazon.awscdk.core.IResource, software.amazon.awscdk.services.ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`addCdk8sChart\` \`\`\`java public KubernetesManifest addCdk8sChart(java.lang.String id, Construct chart) \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`chart\`Required - *Type:* software.constructs.Construct the cdk8s chart. --- ##### \`addHelmChart\` \`\`\`java public HelmChart addHelmChart(java.lang.String id, HelmChartOptions options) \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* java.lang.String logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`java public KubernetesManifest addManifest(java.lang.String id, java.util.Map manifest) \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* java.lang.String logical id of this manifest. --- ###### \`manifest\`Required - *Type:* java.util.Map a list of Kubernetes resource specifications. --- ##### \`addServiceAccount\` \`\`\`java public ServiceAccount addServiceAccount(java.lang.String id) public ServiceAccount addServiceAccount(java.lang.String id, ServiceAccountOptions options) \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* java.lang.String logical id of service account. --- ###### \`options\`Optional - *Type:* ServiceAccountOptions service account options. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node for this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | connections | software.amazon.awscdk.services.ec2.Connections | *No description.* | | clusterArn | java.lang.String | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | clusterCertificateAuthorityData | java.lang.String | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | java.lang.String | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | java.lang.String | The API Server endpoint URL. | | clusterName | java.lang.String | The physical name of the Cluster. | | clusterSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | java.lang.String | The id of the cluster security group that was created by Amazon EKS for the cluster. | | openIdConnectProvider | software.amazon.awscdk.services.iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | prune | java.lang.Boolean | Indicates whether Kubernetes resources can be automatically pruned. | | vpc | software.amazon.awscdk.services.ec2.IVpc | The VPC in which this Cluster was created. | | kubectlEnvironment | java.util.Map | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | software.amazon.awscdk.services.lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | kubectlMemory | software.amazon.awscdk.core.Size | Amount of memory to allocate to the provider's lambda function. | | kubectlPrivateSubnets | java.util.List | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | software.amazon.awscdk.services.iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | software.amazon.awscdk.services.ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`connections\`Required \`\`\`java public Connections getConnections(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.Connections --- ##### \`clusterArn\`Required \`\`\`java public java.lang.String getClusterArn(); \`\`\` - *Type:* java.lang.String The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`clusterCertificateAuthorityData\`Required \`\`\`java public java.lang.String getClusterCertificateAuthorityData(); \`\`\` - *Type:* java.lang.String The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`java public java.lang.String getClusterEncryptionConfigKeyArn(); \`\`\` - *Type:* java.lang.String Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`java public java.lang.String getClusterEndpoint(); \`\`\` - *Type:* java.lang.String The API Server endpoint URL. --- ##### \`clusterName\`Required \`\`\`java public java.lang.String getClusterName(); \`\`\` - *Type:* java.lang.String The physical name of the Cluster. --- ##### \`clusterSecurityGroup\`Required \`\`\`java public ISecurityGroup getClusterSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`java public java.lang.String getClusterSecurityGroupId(); \`\`\` - *Type:* java.lang.String The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`java public IOpenIdConnectProvider getOpenIdConnectProvider(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`prune\`Required \`\`\`java public java.lang.Boolean getPrune(); \`\`\` - *Type:* java.lang.Boolean Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`vpc\`Required \`\`\`java public IVpc getVpc(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.IVpc The VPC in which this Cluster was created. --- ##### \`kubectlEnvironment\`Optional \`\`\`java public java.util.Map getKubectlEnvironment(); \`\`\` - *Type:* java.util.Map Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`java public ILayerVersion getKubectlLayer(); \`\`\` - *Type:* software.amazon.awscdk.services.lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`java public Size getKubectlMemory(); \`\`\` - *Type:* software.amazon.awscdk.core.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`java public java.util.List getKubectlPrivateSubnets(); \`\`\` - *Type:* java.util.List Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectlRole\`Optional \`\`\`java public IRole getKubectlRole(); \`\`\` - *Type:* software.amazon.awscdk.services.iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`java public ISecurityGroup getKubectlSecurityGroup(); \`\`\` - *Type:* software.amazon.awscdk.services.ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* software.amazon.awscdk.core.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | software.amazon.awscdk.core.ConstructNode | The construct tree node for this construct. | | env | software.amazon.awscdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | software.amazon.awscdk.core.Stack | The stack in which this resource is defined. | | nodegroupName | java.lang.String | Name of the nodegroup. | --- ##### \`node\`Required \`\`\`java public ConstructNode getNode(); \`\`\` - *Type:* software.amazon.awscdk.core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`java public ResourceEnvironment getEnv(); \`\`\` - *Type:* software.amazon.awscdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`java public Stack getStack(); \`\`\` - *Type:* software.amazon.awscdk.core.Stack The stack in which this resource is defined. --- ##### \`nodegroupName\`Required \`\`\`java public java.lang.String getNodegroupName(); \`\`\` - *Type:* java.lang.String Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | SPOT | spot instances. | | ON_DEMAND | on-demand instances. | --- ##### \`SPOT\` spot instances. --- ##### \`ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | EC2 | Deploy CoreDNS on EC2 instances. | | FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | ARM_64 | arm64 CPU type. | | X86_64 | x86_64 CPU type. | --- ##### \`ARM_64\` arm64 CPU type. --- ##### \`X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | NODEGROUP | managed node group. | | EC2 | EC2 autoscaling group. | --- ##### \`NODEGROUP\` managed node group. --- ##### \`EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | AL2_X86_64 | Amazon Linux 2 (x86-64). | | AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | STANDARD | Standard instances. | | GPU | GPU instances. | | INFERENTIA | Inferentia instances. | --- ##### \`STANDARD\` Standard instances. --- ##### \`GPU\` GPU instances. --- ##### \`INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | JSON | JSON Patch, RFC 6902. | | MERGE | JSON Merge patch. | | STRATEGIC | Strategic merge patch. | --- ##### \`JSON\` JSON Patch, RFC 6902. --- ##### \`MERGE\` JSON Merge patch. --- ##### \`STRATEGIC\` Strategic merge patch. --- " `; exports[`package installation does not run lifecycle hooks, includes optional dependencies 1`] = ` "# construct-library This is a test project to make sure the \`jsii-docgen\` cli property renders API documentation for construct libraries. # API Reference ## Constructs ### GreeterBucket #### Initializers \`\`\`typescript import { GreeterBucket } from 'construct-library' new GreeterBucket(scope: Construct, id: string, props?: BucketProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | @aws-cdk/aws-s3.BucketProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Optional - *Type:* @aws-cdk/aws-s3.BucketProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addEventNotification | Adds a bucket notification event destination. | | addObjectCreatedNotification | Subscribes a destination to receive notifications when an object is created in the bucket. | | addObjectRemovedNotification | Subscribes a destination to receive notifications when an object is removed from the bucket. | | addToResourcePolicy | Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use \`bucketArn\` and \`arnForObjects(keys)\` to obtain ARNs for this bucket or objects. | | arnForObjects | Returns an ARN that represents all objects within the bucket that match the key pattern specified. | | grantDelete | Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket. | | grantPublicAccess | Allows unrestricted access to objects from this bucket. | | grantPut | Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal. | | grantPutAcl | Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket. | | grantRead | Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User). | | grantReadWrite | Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User). | | grantWrite | Grant write permissions to this bucket to an IAM principal. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailPutObject | Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call. | | onCloudTrailWriteObject | Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to. | | s3UrlForObject | The S3 URL of an S3 object. For example:. | | transferAccelerationUrlForObject | The https Transfer Acceleration URL of an S3 object. | | urlForObject | The https URL of an S3 object. Specify \`regional: false\` at the options for non-regional URLs. For example:. | | virtualHostedUrlForObject | The virtual hosted-style URL of an S3 object. Specify \`regional: false\` at the options for non-regional URL. For example:. | | addCorsRule | Adds a cross-origin access configuration for objects in an Amazon S3 bucket. | | addInventory | Add an inventory configuration. | | addLifecycleRule | Add a lifecycle rule to the bucket. | | addMetric | Adds a metrics configuration for the CloudWatch request metrics from the bucket. | | greet | *No description.* | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DESTROY\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* @aws-cdk/core.RemovalPolicy --- ##### \`addEventNotification\` \`\`\`typescript public addEventNotification(event: EventType, dest: IBucketNotificationDestination, filters: NotificationKeyFilter): void \`\`\` Adds a bucket notification event destination. > [https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html) *Example* \`\`\`typescript declare const myLambda: lambda.Function; const bucket = new s3.Bucket(this, 'MyBucket'); bucket.addEventNotification(s3.EventType.OBJECT_CREATED, new s3n.LambdaDestination(myLambda), {prefix: 'home/myusername/*'}); \`\`\` ###### \`event\`Required - *Type:* @aws-cdk/aws-s3.EventType The event to trigger the notification. --- ###### \`dest\`Required - *Type:* @aws-cdk/aws-s3.IBucketNotificationDestination The notification destination (Lambda, SNS Topic or SQS Queue). --- ###### \`filters\`Required - *Type:* @aws-cdk/aws-s3.NotificationKeyFilter S3 object key filter rules to determine which objects trigger this event. Each filter must include a \`prefix\` and/or \`suffix\` that will be matched against the s3 object key. Refer to the S3 Developer Guide for details about allowed filter rules. --- ##### \`addObjectCreatedNotification\` \`\`\`typescript public addObjectCreatedNotification(dest: IBucketNotificationDestination, filters: NotificationKeyFilter): void \`\`\` Subscribes a destination to receive notifications when an object is created in the bucket. This is identical to calling \`onEvent(EventType.OBJECT_CREATED)\`. ###### \`dest\`Required - *Type:* @aws-cdk/aws-s3.IBucketNotificationDestination The notification destination (see onEvent). --- ###### \`filters\`Required - *Type:* @aws-cdk/aws-s3.NotificationKeyFilter Filters (see onEvent). --- ##### \`addObjectRemovedNotification\` \`\`\`typescript public addObjectRemovedNotification(dest: IBucketNotificationDestination, filters: NotificationKeyFilter): void \`\`\` Subscribes a destination to receive notifications when an object is removed from the bucket. This is identical to calling \`onEvent(EventType.OBJECT_REMOVED)\`. ###### \`dest\`Required - *Type:* @aws-cdk/aws-s3.IBucketNotificationDestination The notification destination (see onEvent). --- ###### \`filters\`Required - *Type:* @aws-cdk/aws-s3.NotificationKeyFilter Filters (see onEvent). --- ##### \`addToResourcePolicy\` \`\`\`typescript public addToResourcePolicy(permission: PolicyStatement): AddToResourcePolicyResult \`\`\` Adds a statement to the resource policy for a principal (i.e. account/role/service) to perform actions on this bucket and/or its contents. Use \`bucketArn\` and \`arnForObjects(keys)\` to obtain ARNs for this bucket or objects. Note that the policy statement may or may not be added to the policy. For example, when an \`IBucket\` is created from an existing bucket, it's not possible to tell whether the bucket already has a policy attached, let alone to re-use that policy to add more statements to it. So it's safest to do nothing in these cases. ###### \`permission\`Required - *Type:* @aws-cdk/aws-iam.PolicyStatement the policy statement to be added to the bucket's policy. --- ##### \`arnForObjects\` \`\`\`typescript public arnForObjects(keyPattern: string): string \`\`\` Returns an ARN that represents all objects within the bucket that match the key pattern specified. To represent all keys, specify \`\`"*"\`\`. If you need to specify a keyPattern with multiple components, concatenate them into a single string, e.g.: arnForObjects(\`home/\${team}/\${user}/*\`) ###### \`keyPattern\`Required - *Type:* string --- ##### \`grantDelete\` \`\`\`typescript public grantDelete(identity: IGrantable, objectsKeyPattern?: any): Grant \`\`\` Grants s3:DeleteObject* permission to an IAM principal for objects in this bucket. ###### \`identity\`Required - *Type:* @aws-cdk/aws-iam.IGrantable The principal. --- ###### \`objectsKeyPattern\`Optional - *Type:* any Restrict the permission to a certain key pattern (default '*'). --- ##### \`grantPublicAccess\` \`\`\`typescript public grantPublicAccess(allowedActions: string, keyPrefix?: string): Grant \`\`\` Allows unrestricted access to objects from this bucket. IMPORTANT: This permission allows anyone to perform actions on S3 objects in this bucket, which is useful for when you configure your bucket as a website and want everyone to be able to read objects in the bucket without needing to authenticate. Without arguments, this method will grant read ("s3:GetObject") access to all objects ("*") in the bucket. The method returns the \`iam.Grant\` object, which can then be modified as needed. For example, you can add a condition that will restrict access only to an IPv4 range like this: const grant = bucket.grantPublicAccess(); grant.resourceStatement!.addCondition(‘IpAddress’, { “aws:SourceIp”: “54.240.143.0/24” }); Note that if this \`IBucket\` refers to an existing bucket, possibly not managed by CloudFormation, this method will have no effect, since it's impossible to modify the policy of an existing bucket. ###### \`allowedActions\`Required - *Type:* string the set of S3 actions to allow. Default is "s3:GetObject". --- ###### \`keyPrefix\`Optional - *Type:* string the prefix of S3 object keys (e.g. \`home/*\`). Default is "*". --- ##### \`grantPut\` \`\`\`typescript public grantPut(identity: IGrantable, objectsKeyPattern?: any): Grant \`\`\` Grants s3:PutObject* and s3:Abort* permissions for this bucket to an IAM principal. If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal. ###### \`identity\`Required - *Type:* @aws-cdk/aws-iam.IGrantable The principal. --- ###### \`objectsKeyPattern\`Optional - *Type:* any Restrict the permission to a certain key pattern (default '*'). --- ##### \`grantPutAcl\` \`\`\`typescript public grantPutAcl(identity: IGrantable, objectsKeyPattern?: string): Grant \`\`\` Grant the given IAM identity permissions to modify the ACLs of objects in the given Bucket. If your application has the '@aws-cdk/aws-s3:grantWriteWithoutAcl' feature flag set, calling {@link grantWrite} or {@link grantReadWrite} no longer grants permissions to modify the ACLs of the objects; in this case, if you need to modify object ACLs, call this method explicitly. ###### \`identity\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`objectsKeyPattern\`Optional - *Type:* string --- ##### \`grantRead\` \`\`\`typescript public grantRead(identity: IGrantable, objectsKeyPattern?: any): Grant \`\`\` Grant read permissions for this bucket and it's contents to an IAM principal (Role/Group/User). If encryption is used, permission to use the key to decrypt the contents of the bucket will also be granted to the same principal. ###### \`identity\`Required - *Type:* @aws-cdk/aws-iam.IGrantable The principal. --- ###### \`objectsKeyPattern\`Optional - *Type:* any Restrict the permission to a certain key pattern (default '*'). --- ##### \`grantReadWrite\` \`\`\`typescript public grantReadWrite(identity: IGrantable, objectsKeyPattern?: any): Grant \`\`\` Grants read/write permissions for this bucket and it's contents to an IAM principal (Role/Group/User). If an encryption key is used, permission to use the key for encrypt/decrypt will also be granted. Before CDK version 1.85.0, this method granted the \`s3:PutObject*\` permission that included \`s3:PutObjectAcl\`, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the \`@aws-cdk/aws-s3:grantWriteWithoutAcl\` feature flag is set to \`true\` in the \`context\` key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method. ###### \`identity\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`objectsKeyPattern\`Optional - *Type:* any --- ##### \`grantWrite\` \`\`\`typescript public grantWrite(identity: IGrantable, objectsKeyPattern?: any): Grant \`\`\` Grant write permissions to this bucket to an IAM principal. If encryption is used, permission to use the key to encrypt the contents of written files will also be granted to the same principal. Before CDK version 1.85.0, this method granted the \`s3:PutObject*\` permission that included \`s3:PutObjectAcl\`, which could be used to grant read/write object access to IAM principals in other accounts. If you want to get rid of that behavior, update your CDK version to 1.85.0 or later, and make sure the \`@aws-cdk/aws-s3:grantWriteWithoutAcl\` feature flag is set to \`true\` in the \`context\` key of your cdk.json file. If you've already updated, but still need the principal to have permissions to modify the ACLs, use the {@link grantPutAcl} method. ###### \`identity\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`objectsKeyPattern\`Optional - *Type:* any --- ##### \`onCloudTrailEvent\` \`\`\`typescript public onCloudTrailEvent(id: string, options?: OnCloudTrailBucketEventOptions): Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-s3.OnCloudTrailBucketEventOptions Options for adding the rule. --- ##### \`onCloudTrailPutObject\` \`\`\`typescript public onCloudTrailPutObject(id: string, options?: OnCloudTrailBucketEventOptions): Rule \`\`\` Defines an AWS CloudWatch event that triggers when an object is uploaded to the specified paths (keys) in this bucket using the PutObject API call. Note that some tools like \`aws s3 cp\` will automatically use either PutObject or the multipart upload API depending on the file size, so using \`onCloudTrailWriteObject\` may be preferable. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-s3.OnCloudTrailBucketEventOptions Options for adding the rule. --- ##### \`onCloudTrailWriteObject\` \`\`\`typescript public onCloudTrailWriteObject(id: string, options?: OnCloudTrailBucketEventOptions): Rule \`\`\` Defines an AWS CloudWatch event that triggers when an object at the specified paths (keys) in this bucket are written to. This includes the events PutObject, CopyObject, and CompleteMultipartUpload. Note that some tools like \`aws s3 cp\` will automatically use either PutObject or the multipart upload API depending on the file size, so using this method may be preferable to \`onCloudTrailPutObject\`. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-s3.OnCloudTrailBucketEventOptions Options for adding the rule. --- ##### \`s3UrlForObject\` \`\`\`typescript public s3UrlForObject(key?: string): string \`\`\` The S3 URL of an S3 object. For example:. \`s3://onlybucket\` - \`s3://bucket/key\` ###### \`key\`Optional - *Type:* string The S3 key of the object. If not specified, the S3 URL of the bucket is returned. --- ##### \`transferAccelerationUrlForObject\` \`\`\`typescript public transferAccelerationUrlForObject(key?: string, options?: TransferAccelerationUrlOptions): string \`\`\` The https Transfer Acceleration URL of an S3 object. Specify \`dualStack: true\` at the options for dual-stack endpoint (connect to the bucket over IPv6). For example: - \`https://bucket.s3-accelerate.amazonaws.com\` - \`https://bucket.s3-accelerate.amazonaws.com/key\` ###### \`key\`Optional - *Type:* string The S3 key of the object. If not specified, the URL of the bucket is returned. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-s3.TransferAccelerationUrlOptions Options for generating URL. --- ##### \`urlForObject\` \`\`\`typescript public urlForObject(key?: string): string \`\`\` The https URL of an S3 object. Specify \`regional: false\` at the options for non-regional URLs. For example:. \`https://s3.us-west-1.amazonaws.com/onlybucket\` - \`https://s3.us-west-1.amazonaws.com/bucket/key\` - \`https://s3.cn-north-1.amazonaws.com.cn/china-bucket/mykey\` ###### \`key\`Optional - *Type:* string The S3 key of the object. If not specified, the URL of the bucket is returned. --- ##### \`virtualHostedUrlForObject\` \`\`\`typescript public virtualHostedUrlForObject(key?: string, options?: VirtualHostedStyleUrlOptions): string \`\`\` The virtual hosted-style URL of an S3 object. Specify \`regional: false\` at the options for non-regional URL. For example:. \`https://only-bucket.s3.us-west-1.amazonaws.com\` - \`https://bucket.s3.us-west-1.amazonaws.com/key\` - \`https://bucket.s3.amazonaws.com/key\` - \`https://china-bucket.s3.cn-north-1.amazonaws.com.cn/mykey\` ###### \`key\`Optional - *Type:* string The S3 key of the object. If not specified, the URL of the bucket is returned. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-s3.VirtualHostedStyleUrlOptions Options for generating URL. --- ##### \`addCorsRule\` \`\`\`typescript public addCorsRule(rule: CorsRule): void \`\`\` Adds a cross-origin access configuration for objects in an Amazon S3 bucket. ###### \`rule\`Required - *Type:* @aws-cdk/aws-s3.CorsRule The CORS configuration rule to add. --- ##### \`addInventory\` \`\`\`typescript public addInventory(inventory: Inventory): void \`\`\` Add an inventory configuration. ###### \`inventory\`Required - *Type:* @aws-cdk/aws-s3.Inventory configuration to add. --- ##### \`addLifecycleRule\` \`\`\`typescript public addLifecycleRule(rule: LifecycleRule): void \`\`\` Add a lifecycle rule to the bucket. ###### \`rule\`Required - *Type:* @aws-cdk/aws-s3.LifecycleRule The rule to add. --- ##### \`addMetric\` \`\`\`typescript public addMetric(metric: BucketMetrics): void \`\`\` Adds a metrics configuration for the CloudWatch request metrics from the bucket. ###### \`metric\`Required - *Type:* @aws-cdk/aws-s3.BucketMetrics The metric configuration to add. --- ##### \`greet\` \`\`\`typescript public greet(): void \`\`\` #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | fromBucketArn | *No description.* | | fromBucketAttributes | Creates a Bucket construct that represents an external bucket. | | fromBucketName | *No description.* | | validateBucketName | Thrown an exception if the given bucket name is not valid. | --- ##### \`isConstruct\` \`\`\`typescript import { GreeterBucket } from 'construct-library' GreeterBucket.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isResource\` \`\`\`typescript import { GreeterBucket } from 'construct-library' GreeterBucket.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* @aws-cdk/core.IConstruct --- ##### \`fromBucketArn\` \`\`\`typescript import { GreeterBucket } from 'construct-library' GreeterBucket.fromBucketArn(scope: Construct, id: string, bucketArn: string) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`bucketArn\`Required - *Type:* string --- ##### \`fromBucketAttributes\` \`\`\`typescript import { GreeterBucket } from 'construct-library' GreeterBucket.fromBucketAttributes(scope: Construct, id: string, attrs: BucketAttributes) \`\`\` Creates a Bucket construct that represents an external bucket. ###### \`scope\`Required - *Type:* constructs.Construct The parent creating construct (usually \`this\`). --- ###### \`id\`Required - *Type:* string The construct's name. --- ###### \`attrs\`Required - *Type:* @aws-cdk/aws-s3.BucketAttributes A \`BucketAttributes\` object. Can be obtained from a call to \`bucket.export()\` or manually created. --- ##### \`fromBucketName\` \`\`\`typescript import { GreeterBucket } from 'construct-library' GreeterBucket.fromBucketName(scope: Construct, id: string, bucketName: string) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`bucketName\`Required - *Type:* string --- ##### \`validateBucketName\` \`\`\`typescript import { GreeterBucket } from 'construct-library' GreeterBucket.validateBucketName(physicalName: string) \`\`\` Thrown an exception if the given bucket name is not valid. ###### \`physicalName\`Required - *Type:* string name of the bucket. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | env | @aws-cdk/core.ResourceEnvironment | The environment this resource belongs to. | | stack | @aws-cdk/core.Stack | The stack in which this resource is defined. | | bucketArn | string | The ARN of the bucket. | | bucketDomainName | string | The IPv4 DNS name of the specified bucket. | | bucketDualStackDomainName | string | The IPv6 DNS name of the specified bucket. | | bucketName | string | The name of the bucket. | | bucketRegionalDomainName | string | The regional domain name of the specified bucket. | | bucketWebsiteDomainName | string | The Domain name of the static website. | | bucketWebsiteUrl | string | The URL of the static website. | | encryptionKey | @aws-cdk/aws-kms.IKey | Optional KMS encryption key associated with this bucket. | | isWebsite | boolean | If this bucket has been configured for static website hosting. | | policy | @aws-cdk/aws-s3.BucketPolicy | The resource policy associated with this bucket. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* @aws-cdk/core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this resource is defined. --- ##### \`bucketArn\`Required \`\`\`typescript public readonly bucketArn: string; \`\`\` - *Type:* string The ARN of the bucket. --- ##### \`bucketDomainName\`Required \`\`\`typescript public readonly bucketDomainName: string; \`\`\` - *Type:* string The IPv4 DNS name of the specified bucket. --- ##### \`bucketDualStackDomainName\`Required \`\`\`typescript public readonly bucketDualStackDomainName: string; \`\`\` - *Type:* string The IPv6 DNS name of the specified bucket. --- ##### \`bucketName\`Required \`\`\`typescript public readonly bucketName: string; \`\`\` - *Type:* string The name of the bucket. --- ##### \`bucketRegionalDomainName\`Required \`\`\`typescript public readonly bucketRegionalDomainName: string; \`\`\` - *Type:* string The regional domain name of the specified bucket. --- ##### \`bucketWebsiteDomainName\`Required \`\`\`typescript public readonly bucketWebsiteDomainName: string; \`\`\` - *Type:* string The Domain name of the static website. --- ##### \`bucketWebsiteUrl\`Required \`\`\`typescript public readonly bucketWebsiteUrl: string; \`\`\` - *Type:* string The URL of the static website. --- ##### \`encryptionKey\`Optional \`\`\`typescript public readonly encryptionKey: IKey; \`\`\` - *Type:* @aws-cdk/aws-kms.IKey Optional KMS encryption key associated with this bucket. --- ##### \`isWebsite\`Optional \`\`\`typescript public readonly isWebsite: boolean; \`\`\` - *Type:* boolean If this bucket has been configured for static website hosting. --- ##### \`policy\`Optional \`\`\`typescript public readonly policy: BucketPolicy; \`\`\` - *Type:* @aws-cdk/aws-s3.BucketPolicy The resource policy associated with this bucket. If \`autoCreatePolicy\` is true, a \`BucketPolicy\` will be created upon the first call to addToResourcePolicy(s). --- " `; exports[`package installation uses --force when EBADPLATFORM is encountered 1`] = ` "# AWS Firewall Construct A simple AWS VPC Firewall with one stateless rule and one stateful rule to meet the AWS Config Network Firewall Conformance. Stateful rules group can be further extend with Suricata rules as text file ## Stateless rule group Allows only TCP:80 and TCP:443 ## Stateful rule group Allows only whitelisted domains: * .docker.com * .aws.amazon.com * .amazonaws.com * downloads.nessus.org * plugins.nessus.org * .fedoraproject.org * .duosecurity.com * crl3.digicert.com * crl.godaddy.com * certificate.godaddy.com # Example use case 1. Create a new folder \`network-firewall\` in the same level as \`cdk-construct\` 1. Initialize a CDK app using command \`cdk new app --language=typescript\` 2. In the \`bin/network-firewall.ts\` \`\`\` #!/usr/bin/env node import 'source-map-support/register'; import * as cdk from 'aws-cdk-lib'; import { NetworkFirewallStack } from '../lib/network-firewall-stack'; const app = new cdk.App(); new NetworkFirewallStack(app, 'NetworkFirewallStack', { // needs the account and region for the Vpc lookup env: { region: process.env.CDK_DEFAULT_REGION, account: process.env.CDK_DEFAULT_ACCOUNT, }, }); \`\`\` 4. Create a Suricata text file in \`lib/rules.txt\` as below. More examples can be found in https://suricata.readthedocs.io/en/suricata-6.0.2/rules/intro.html \`\`\` pass ip 10.1.0.0/16 any -> 10.0.0.0/16 any (sid:100;) drop ip any any <> any any (sid:101;) alert tcp any any -> 1.1.1.1/32 80 (sid:102;msg:"example message";) drop tls $HOME_NET any -> $EXTERNAL_NET any (tls.sni; content:"example.com"; startswith; nocase; endswith; msg:"matching TLS denylisted FQDNs"; priority:1; flow:to_server, established; sid:103; rev:1;) drop http $HOME_NET any -> $EXTERNAL_NET any (http.host; content:"example.com"; startswith; endswith; msg:"matching HTTP denylisted FQDNs"; priority:1; flow:to_server, established; sid:104; rev:1;) \`\`\` 3. In the \`lib/network-firewall-stack.ts\` \`\`\` import * as cdk from 'aws-cdk-lib'; import { Construct } from 'constructs'; import * as fwconstruct from '../../cdk-constructs/firewall-distributed-vpc' export class NetworkFirewallStack extends cdk.Stack { constructor(scope: Construct, id: string, props?: cdk.StackProps) { super(scope, id, props); const vpc:cdk.aws_ec2.IVpc = cdk.aws_ec2.Vpc.fromLookup(this,"fwVpc", { vpcId: }); const subnet = [ cdk.aws_ec2.Subnet.fromSubnetId(this, "subnet1", ), cdk.aws_ec2.Subnet.fromSubnetId(this, "subnet2", ) ] new fwconstruct.FirewallDistributedVpc(this,'fw',{ vpc: vpc, subnetList: subnet, rulesFile: ["./lib/rules.txt"] }) } } \`\`\` # Validate with Config Conformance Pack To ensure network firewall conformance, [deploy the conformance pack](https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-cli.html) using [Network Firewall Conformance Pack](https://github.com/awslabs/aws-config-rules/blob/master/aws-config-conformance-packs/Security-Best-Practices-for-Network-Firewall.yaml). ## Check the config rule conformation 1. Get the rule names \`\`\` % aws configservice describe-config-rules --query 'ConfigRules[*].ConfigRuleName' [ "netfw-policy-default-action-fragment-packets-conformance-pack-ilk1uyn2w", "netfw-policy-default-action-full-packets-conformance-pack-ilk1uyn2w", "netfw-policy-rule-group-associated-conformance-pack-ilk1uyn2w", "netfw-stateless-rule-group-not-empty-conformance-pack-ilk1uyn2w" ] \`\`\` 2. Query the compliance details \`\`\` aws configservice get-compliance-details-by-config-rule --config-rule-name netfw-policy-default-action-fragment-packets-conformance-pack-ilk1uyn2w --query 'EvaluationResults[*].ComplianceType' [ "COMPLIANT" ] \`\`\` # API Reference ## Constructs ### NetworkFirewallDistributedConstruct #### Initializers \`\`\`typescript import { NetworkFirewallDistributedConstruct } from '@richkang/cdk-construct-network-firewall-textfile-rules' new NetworkFirewallDistributedConstruct(scope: Construct, id: string, props: INetworkFirewallDistributedConstructProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | INetworkFirewallDistributedConstructProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* INetworkFirewallDistributedConstructProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | buildRulesSourcePropertyFromFile | *No description.* | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`buildRulesSourcePropertyFromFile\` \`\`\`typescript public buildRulesSourcePropertyFromFile(filenameList: string[], rulesVariable: RuleVariablesProperty): CfnRuleGroup[] \`\`\` ###### \`filenameList\`Required - *Type:* string[] --- ###### \`rulesVariable\`Required - *Type:* aws-cdk-lib.aws_networkfirewall.CfnRuleGroup.RuleVariablesProperty --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### \`isConstruct\` \`\`\`typescript import { NetworkFirewallDistributedConstruct } from '@richkang/cdk-construct-network-firewall-textfile-rules' NetworkFirewallDistributedConstruct.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. Use this method instead of \`instanceof\` to properly detect \`Construct\` instances, even when the construct library is symlinked. Explanation: in JavaScript, multiple copies of the \`constructs\` library on disk are seen as independent, completely different libraries. As a consequence, the class \`Construct\` in each copy of the \`constructs\` library is seen as a different class, and an instance of one class will not test as \`instanceof\` the other class. \`npm install\` will not create installations like this, but users may manually symlink construct libraries together or use a monorepo tool: in those cases, multiple copies of the \`constructs\` library can be accidentally installed, and \`instanceof\` will behave unpredictably. It is safest to avoid using \`instanceof\`, and using this type-testing method instead. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | firewall | aws-cdk-lib.aws_networkfirewall.CfnFirewall | *No description.* | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`firewall\`Required \`\`\`typescript public readonly firewall: CfnFirewall; \`\`\` - *Type:* aws-cdk-lib.aws_networkfirewall.CfnFirewall --- ## Protocols ### INetworkFirewallDistributedConstructProps - *Implemented By:* INetworkFirewallDistributedConstructProps #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | subnetList | aws-cdk-lib.aws_ec2.ISubnet[] | *No description.* | | vpc | aws-cdk-lib.aws_ec2.IVpc | *No description.* | | rulesFile | string[] | *No description.* | --- ##### \`subnetList\`Required \`\`\`typescript public readonly subnetList: ISubnet[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISubnet[] --- ##### \`vpc\`Required \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc --- ##### \`rulesFile\`Optional \`\`\`typescript public readonly rulesFile: string[]; \`\`\` - *Type:* string[] --- " `; exports[`python for package 1`] = ` { "apiReference": { "classes": [ { "constants": [], "displayName": "AuthorizationToken", "docs": { "links": [ "https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html", ], "summary": "Authorization token to access private ECR repositories in the current environment via Docker CLI.", }, "fqn": "aws_cdk.aws_ecr.AuthorizationToken", "id": "@aws-cdk/aws-ecr.AuthorizationToken", "initializer": undefined, "instanceMethods": [], "interfaces": [], "properties": [], "staticMethods": [ { "displayName": "grant_read", "docs": { "summary": "Grant access to retrieve an authorization token.", }, "fqn": "aws_cdk.aws_ecr.AuthorizationToken.grant_read", "id": "@aws-cdk/aws-ecr.AuthorizationToken.grantRead", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.AuthorizationToken.grant_read.parameter.grantee", "id": "@aws-cdk/aws-ecr.AuthorizationToken.grantRead.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.AuthorizationToken.grant_read( grantee: IGrantable )", }, ], }, { "constants": [], "displayName": "PublicGalleryAuthorizationToken", "docs": { "links": [ "https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth", ], "summary": "Authorization token to access the global public ECR Gallery via Docker CLI.", }, "fqn": "aws_cdk.aws_ecr.PublicGalleryAuthorizationToken", "id": "@aws-cdk/aws-ecr.PublicGalleryAuthorizationToken", "initializer": undefined, "instanceMethods": [], "interfaces": [], "properties": [], "staticMethods": [ { "displayName": "grant_read", "docs": { "summary": "Grant access to retrieve an authorization token.", }, "fqn": "aws_cdk.aws_ecr.PublicGalleryAuthorizationToken.grant_read", "id": "@aws-cdk/aws-ecr.PublicGalleryAuthorizationToken.grantRead", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.PublicGalleryAuthorizationToken.grant_read.parameter.grantee", "id": "@aws-cdk/aws-ecr.PublicGalleryAuthorizationToken.grantRead.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.PublicGalleryAuthorizationToken.grant_read( grantee: IGrantable )", }, ], }, ], "constructs": [ { "constants": [ { "const": true, "default": undefined, "displayName": "CFN_RESOURCE_TYPE_NAME", "docs": { "summary": "The CloudFormation resource type name for this resource class.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.CFN_RESOURCE_TYPE_NAME", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.CFN_RESOURCE_TYPE_NAME", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "CFN_RESOURCE_TYPE_NAME: str", }, ], "displayName": "CfnPublicRepository", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html", ], "summary": "A CloudFormation \`AWS::ECR::PublicRepository\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository", "id": "@aws-cdk/aws-ecr.CfnPublicRepository", "initializer": { "displayName": "Initializer", "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.Initializer", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.Initializer", "parameters": [ { "default": undefined, "displayName": "scope", "docs": { "summary": "- scope in which this resource is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.Initializer.parameter.scope", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.Initializer.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "aws_cdk.core.Construct", "id": "@aws-cdk/core.Construct", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": { "summary": "- scoped id of the resource.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.Initializer.parameter.id", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.Initializer.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "repository_catalog_data", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryCatalogData\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.Initializer.parameter.repository_catalog_data", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.Initializer.parameter.repositoryCatalogData", "optional": true, "type": { "formattingPattern": "typing.Any", }, }, { "default": undefined, "displayName": "repository_name", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryName\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.Initializer.parameter.repository_name", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.Initializer.parameter.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "repository_policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryPolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.Initializer.parameter.repository_policy_text", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.Initializer.parameter.repositoryPolicyText", "optional": true, "type": { "formattingPattern": "typing.Any", }, }, { "default": undefined, "displayName": "tags", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags", ], "summary": "\`AWS::ECR::PublicRepository.Tags\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.Initializer.parameter.tags", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.Initializer.parameter.tags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "CfnTag", "fqn": "aws_cdk.core.CfnTag", "id": "@aws-cdk/core.CfnTag", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository( scope: Construct, id: str, repository_catalog_data: typing.Any = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None )", }, "instanceMethods": [ { "displayName": "to_string", "docs": { "summary": "Returns a string representation of this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.to_string", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.toString", "parameters": [], "usage": "def to_string() -> str", }, { "displayName": "override_logical_id", "docs": { "summary": "Overrides the auto-generated logical ID with a specific ID.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.override_logical_id", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.overrideLogicalId", "parameters": [ { "default": undefined, "displayName": "new_logical_id", "docs": { "summary": "The new logical ID to use for this stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.override_logical_id.parameter.new_logical_id", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.overrideLogicalId.parameter.newLogicalId", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def override_logical_id( new_logical_id: str ) -> None", }, { "displayName": "add_deletion_override", "docs": { "summary": "Syntactic sugar for \`addOverride(path, undefined)\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_deletion_override", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addDeletionOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "summary": "The path of the value to delete.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_deletion_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addDeletionOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_deletion_override( path: str ) -> None", }, { "displayName": "add_depends_on", "docs": { "remarks": "This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.", "summary": "Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_depends_on", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addDependsOn", "parameters": [ { "default": undefined, "displayName": "target", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_depends_on.parameter.target", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addDependsOn.parameter.target", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "CfnResource", "fqn": "aws_cdk.core.CfnResource", "id": "@aws-cdk/core.CfnResource", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_depends_on( target: CfnResource ) -> None", }, { "displayName": "add_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Add a value to the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_metadata", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_metadata.parameter.value", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addMetadata.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_metadata( key: str, value: typing.Any ) -> None", }, { "displayName": "add_override", "docs": { "remarks": "To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\`", "summary": "Adds an override to the synthesized CloudFormation resource.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_override", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "remarks": "Any intermdediate keys will be created as needed.", "summary": "- The path of the property, you can use dot notation to override values in complex types.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "remarks": "Could be primitive or complex.", "summary": "- The value.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_override( path: str, value: typing.Any ) -> None", }, { "displayName": "add_property_deletion_override", "docs": { "summary": "Adds an override that deletes the value of a property from the resource definition.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_property_deletion_override", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addPropertyDeletionOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path to the property.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_property_deletion_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addPropertyDeletionOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_property_deletion_override( property_path: str ) -> None", }, { "displayName": "add_property_override", "docs": { "remarks": "Syntactic sugar for \`addOverride("Properties.<...>", value)\`.", "summary": "Adds an override to a resource property.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_property_override", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addPropertyOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path of the property.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_property_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addPropertyOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "summary": "The value.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.add_property_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.addPropertyOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_property_override( property_path: str, value: typing.Any ) -> None", }, { "displayName": "apply_removal_policy", "docs": { "summary": "Sets the deletion policy of the resource based on the removal policy specified.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.apply_removal_policy", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.applyRemovalPolicy", "parameters": [ { "default": undefined, "displayName": "policy", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.apply_removal_policy.parameter.policy", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.applyRemovalPolicy.parameter.policy", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": "true", "displayName": "apply_to_update_replace_policy", "docs": { "summary": "Apply the same deletion policy to the resource's "UpdateReplacePolicy".", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.apply_removal_policy.parameter.apply_to_update_replace_policy", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.applyRemovalPolicy.parameter.applyToUpdateReplacePolicy", "optional": true, "type": { "formattingPattern": "bool", }, }, { "default": "- Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation.", "displayName": "default", "docs": { "summary": "The default policy to apply in case the removal policy is not defined.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.apply_removal_policy.parameter.default", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.applyRemovalPolicy.parameter.default", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None", }, { "displayName": "get_att", "docs": { "remarks": "Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute.", "summary": "Returns a token for an runtime attribute of this resource.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.get_att", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.getAtt", "parameters": [ { "default": undefined, "displayName": "attribute_name", "docs": { "summary": "The name of the attribute.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.get_att.parameter.attribute_name", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.getAtt.parameter.attributeName", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_att( attribute_name: str ) -> Reference", }, { "displayName": "get_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Retrieve a value value from the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.get_metadata", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.getMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.get_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.getMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_metadata( key: str ) -> typing.Any", }, { "displayName": "inspect", "docs": { "summary": "Examines the CloudFormation resource and discloses attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.inspect", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.inspect", "parameters": [ { "default": undefined, "displayName": "inspector", "docs": { "summary": "- tree inspector to collect and process attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.inspect.parameter.inspector", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.inspect.parameter.inspector", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "TreeInspector", "fqn": "aws_cdk.core.TreeInspector", "id": "@aws-cdk/core.TreeInspector", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def inspect( inspector: TreeInspector ) -> None", }, ], "interfaces": [ { "displayName": "IInspectable", "fqn": "aws_cdk.core.IInspectable", "id": "@aws-cdk/core.IInspectable", "packageName": "@aws-cdk/core", "packageVersion": "1.106.0", }, ], "properties": [ { "default": undefined, "displayName": "node", "docs": { "summary": "The construct tree node associated with this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.node", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.node", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ConstructNode", "fqn": "aws_cdk.core.ConstructNode", "id": "@aws-cdk/core.ConstructNode", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "node: ConstructNode", }, { "default": undefined, "displayName": "creation_stack", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.creation_stack", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.creationStack", "optional": undefined, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, "usage": "creation_stack: typing.List[str]", }, { "default": undefined, "displayName": "logical_id", "docs": { "remarks": "The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`.", "summary": "The logical ID for this CloudFormation stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.logical_id", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.logicalId", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "logical_id: str", }, { "default": undefined, "displayName": "stack", "docs": { "remarks": "CfnElements must be defined within a stack scope (directly or indirectly).", "summary": "The stack in which this element is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.stack", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.stack", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Stack", "fqn": "aws_cdk.core.Stack", "id": "@aws-cdk/core.Stack", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "stack: Stack", }, { "default": undefined, "displayName": "ref", "docs": { "remarks": "If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`.", "summary": "Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.ref", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.ref", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "ref: str", }, { "default": undefined, "displayName": "cfn_options", "docs": { "summary": "Options for this resource, such as condition, update policy etc.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.cfn_options", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.cfnOptions", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ICfnResourceOptions", "fqn": "aws_cdk.core.ICfnResourceOptions", "id": "@aws-cdk/core.ICfnResourceOptions", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "cfn_options: ICfnResourceOptions", }, { "default": undefined, "displayName": "cfn_resource_type", "docs": { "summary": "AWS resource type.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.cfn_resource_type", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.cfnResourceType", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "cfn_resource_type: str", }, { "default": undefined, "displayName": "attr_arn", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.attr_arn", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.attrArn", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "attr_arn: str", }, { "default": undefined, "displayName": "tags", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags", ], "summary": "\`AWS::ECR::PublicRepository.Tags\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.tags", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.tags", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "TagManager", "fqn": "aws_cdk.core.TagManager", "id": "@aws-cdk/core.TagManager", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "tags: TagManager", }, { "default": undefined, "displayName": "repository_catalog_data", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryCatalogData\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.repository_catalog_data", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.repositoryCatalogData", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, "usage": "repository_catalog_data: typing.Any", }, { "default": undefined, "displayName": "repository_policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryPolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.repository_policy_text", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.repositoryPolicyText", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, "usage": "repository_policy_text: typing.Any", }, { "default": undefined, "displayName": "repository_name", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryName\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.property.repository_name", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.property.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, ], "staticMethods": [ { "displayName": "is_construct", "docs": { "summary": "Return whether the given object is a Construct.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.is_construct", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.isConstruct", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.is_construct.parameter.x", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.isConstruct.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_construct( x: typing.Any )", }, { "displayName": "is_cfn_element", "docs": { "remarks": "Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack.", "summary": "Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template).", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_element", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.isCfnElement", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_element.parameter.x", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.isCfnElement.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_element( x: typing.Any )", }, { "displayName": "is_cfn_resource", "docs": { "summary": "Check whether the given construct is a CfnResource.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_resource", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.isCfnResource", "parameters": [ { "default": undefined, "displayName": "construct", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_resource.parameter.construct", "id": "@aws-cdk/aws-ecr.CfnPublicRepository.isCfnResource.parameter.construct", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IConstruct", "fqn": "constructs.IConstruct", "id": "constructs.IConstruct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_resource( construct: IConstruct )", }, ], }, { "constants": [ { "const": true, "default": undefined, "displayName": "CFN_RESOURCE_TYPE_NAME", "docs": { "summary": "The CloudFormation resource type name for this resource class.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.CFN_RESOURCE_TYPE_NAME", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.CFN_RESOURCE_TYPE_NAME", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "CFN_RESOURCE_TYPE_NAME: str", }, ], "displayName": "CfnRegistryPolicy", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html", ], "summary": "A CloudFormation \`AWS::ECR::RegistryPolicy\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy", "initializer": { "displayName": "Initializer", "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.Initializer", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.Initializer", "parameters": [ { "default": undefined, "displayName": "scope", "docs": { "summary": "- scope in which this resource is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.Initializer.parameter.scope", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.Initializer.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "aws_cdk.core.Construct", "id": "@aws-cdk/core.Construct", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": { "summary": "- scoped id of the resource.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.Initializer.parameter.id", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.Initializer.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext", ], "summary": "\`AWS::ECR::RegistryPolicy.PolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.Initializer.parameter.policy_text", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.Initializer.parameter.policyText", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy( scope: Construct, id: str, policy_text: typing.Any )", }, "instanceMethods": [ { "displayName": "to_string", "docs": { "summary": "Returns a string representation of this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.to_string", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.toString", "parameters": [], "usage": "def to_string() -> str", }, { "displayName": "override_logical_id", "docs": { "summary": "Overrides the auto-generated logical ID with a specific ID.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.override_logical_id", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.overrideLogicalId", "parameters": [ { "default": undefined, "displayName": "new_logical_id", "docs": { "summary": "The new logical ID to use for this stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.override_logical_id.parameter.new_logical_id", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.overrideLogicalId.parameter.newLogicalId", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def override_logical_id( new_logical_id: str ) -> None", }, { "displayName": "add_deletion_override", "docs": { "summary": "Syntactic sugar for \`addOverride(path, undefined)\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_deletion_override", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addDeletionOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "summary": "The path of the value to delete.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_deletion_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addDeletionOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_deletion_override( path: str ) -> None", }, { "displayName": "add_depends_on", "docs": { "remarks": "This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.", "summary": "Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_depends_on", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addDependsOn", "parameters": [ { "default": undefined, "displayName": "target", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_depends_on.parameter.target", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addDependsOn.parameter.target", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "CfnResource", "fqn": "aws_cdk.core.CfnResource", "id": "@aws-cdk/core.CfnResource", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_depends_on( target: CfnResource ) -> None", }, { "displayName": "add_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Add a value to the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_metadata", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_metadata.parameter.value", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addMetadata.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_metadata( key: str, value: typing.Any ) -> None", }, { "displayName": "add_override", "docs": { "remarks": "To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\`", "summary": "Adds an override to the synthesized CloudFormation resource.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_override", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "remarks": "Any intermdediate keys will be created as needed.", "summary": "- The path of the property, you can use dot notation to override values in complex types.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "remarks": "Could be primitive or complex.", "summary": "- The value.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_override( path: str, value: typing.Any ) -> None", }, { "displayName": "add_property_deletion_override", "docs": { "summary": "Adds an override that deletes the value of a property from the resource definition.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_property_deletion_override", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addPropertyDeletionOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path to the property.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_property_deletion_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addPropertyDeletionOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_property_deletion_override( property_path: str ) -> None", }, { "displayName": "add_property_override", "docs": { "remarks": "Syntactic sugar for \`addOverride("Properties.<...>", value)\`.", "summary": "Adds an override to a resource property.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_property_override", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addPropertyOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path of the property.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_property_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addPropertyOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "summary": "The value.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.add_property_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.addPropertyOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_property_override( property_path: str, value: typing.Any ) -> None", }, { "displayName": "apply_removal_policy", "docs": { "summary": "Sets the deletion policy of the resource based on the removal policy specified.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.apply_removal_policy", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.applyRemovalPolicy", "parameters": [ { "default": undefined, "displayName": "policy", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.apply_removal_policy.parameter.policy", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.applyRemovalPolicy.parameter.policy", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": "true", "displayName": "apply_to_update_replace_policy", "docs": { "summary": "Apply the same deletion policy to the resource's "UpdateReplacePolicy".", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.apply_removal_policy.parameter.apply_to_update_replace_policy", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.applyRemovalPolicy.parameter.applyToUpdateReplacePolicy", "optional": true, "type": { "formattingPattern": "bool", }, }, { "default": "- Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation.", "displayName": "default", "docs": { "summary": "The default policy to apply in case the removal policy is not defined.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.apply_removal_policy.parameter.default", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.applyRemovalPolicy.parameter.default", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None", }, { "displayName": "get_att", "docs": { "remarks": "Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute.", "summary": "Returns a token for an runtime attribute of this resource.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.get_att", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.getAtt", "parameters": [ { "default": undefined, "displayName": "attribute_name", "docs": { "summary": "The name of the attribute.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.get_att.parameter.attribute_name", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.getAtt.parameter.attributeName", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_att( attribute_name: str ) -> Reference", }, { "displayName": "get_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Retrieve a value value from the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.get_metadata", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.getMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.get_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.getMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_metadata( key: str ) -> typing.Any", }, { "displayName": "inspect", "docs": { "summary": "Examines the CloudFormation resource and discloses attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.inspect", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.inspect", "parameters": [ { "default": undefined, "displayName": "inspector", "docs": { "summary": "- tree inspector to collect and process attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.inspect.parameter.inspector", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.inspect.parameter.inspector", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "TreeInspector", "fqn": "aws_cdk.core.TreeInspector", "id": "@aws-cdk/core.TreeInspector", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def inspect( inspector: TreeInspector ) -> None", }, ], "interfaces": [ { "displayName": "IInspectable", "fqn": "aws_cdk.core.IInspectable", "id": "@aws-cdk/core.IInspectable", "packageName": "@aws-cdk/core", "packageVersion": "1.106.0", }, ], "properties": [ { "default": undefined, "displayName": "node", "docs": { "summary": "The construct tree node associated with this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.node", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.node", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ConstructNode", "fqn": "aws_cdk.core.ConstructNode", "id": "@aws-cdk/core.ConstructNode", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "node: ConstructNode", }, { "default": undefined, "displayName": "creation_stack", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.creation_stack", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.creationStack", "optional": undefined, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, "usage": "creation_stack: typing.List[str]", }, { "default": undefined, "displayName": "logical_id", "docs": { "remarks": "The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`.", "summary": "The logical ID for this CloudFormation stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.logical_id", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.logicalId", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "logical_id: str", }, { "default": undefined, "displayName": "stack", "docs": { "remarks": "CfnElements must be defined within a stack scope (directly or indirectly).", "summary": "The stack in which this element is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.stack", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.stack", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Stack", "fqn": "aws_cdk.core.Stack", "id": "@aws-cdk/core.Stack", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "stack: Stack", }, { "default": undefined, "displayName": "ref", "docs": { "remarks": "If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`.", "summary": "Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.ref", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.ref", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "ref: str", }, { "default": undefined, "displayName": "cfn_options", "docs": { "summary": "Options for this resource, such as condition, update policy etc.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.cfn_options", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.cfnOptions", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ICfnResourceOptions", "fqn": "aws_cdk.core.ICfnResourceOptions", "id": "@aws-cdk/core.ICfnResourceOptions", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "cfn_options: ICfnResourceOptions", }, { "default": undefined, "displayName": "cfn_resource_type", "docs": { "summary": "AWS resource type.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.cfn_resource_type", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.cfnResourceType", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "cfn_resource_type: str", }, { "default": undefined, "displayName": "attr_registry_id", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.attr_registry_id", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.attrRegistryId", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "attr_registry_id: str", }, { "default": undefined, "displayName": "policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext", ], "summary": "\`AWS::ECR::RegistryPolicy.PolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.property.policy_text", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.property.policyText", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, "usage": "policy_text: typing.Any", }, ], "staticMethods": [ { "displayName": "is_construct", "docs": { "summary": "Return whether the given object is a Construct.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.is_construct", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.isConstruct", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.is_construct.parameter.x", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.isConstruct.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_construct( x: typing.Any )", }, { "displayName": "is_cfn_element", "docs": { "remarks": "Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack.", "summary": "Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template).", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_element", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.isCfnElement", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_element.parameter.x", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.isCfnElement.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_element( x: typing.Any )", }, { "displayName": "is_cfn_resource", "docs": { "summary": "Check whether the given construct is a CfnResource.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_resource", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.isCfnResource", "parameters": [ { "default": undefined, "displayName": "construct", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_resource.parameter.construct", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicy.isCfnResource.parameter.construct", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IConstruct", "fqn": "constructs.IConstruct", "id": "constructs.IConstruct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_resource( construct: IConstruct )", }, ], }, { "constants": [ { "const": true, "default": undefined, "displayName": "CFN_RESOURCE_TYPE_NAME", "docs": { "summary": "The CloudFormation resource type name for this resource class.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.CFN_RESOURCE_TYPE_NAME", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.CFN_RESOURCE_TYPE_NAME", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "CFN_RESOURCE_TYPE_NAME: str", }, ], "displayName": "CfnReplicationConfiguration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html", ], "summary": "A CloudFormation \`AWS::ECR::ReplicationConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration", "initializer": { "displayName": "Initializer", "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.Initializer", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.Initializer", "parameters": [ { "default": undefined, "displayName": "scope", "docs": { "summary": "- scope in which this resource is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.Initializer.parameter.scope", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.Initializer.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "aws_cdk.core.Construct", "id": "@aws-cdk/core.Construct", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": { "summary": "- scoped id of the resource.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.Initializer.parameter.id", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.Initializer.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "replication_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration", ], "summary": "\`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.Initializer.parameter.replication_configuration", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.Initializer.parameter.replicationConfiguration", "optional": undefined, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "ReplicationConfigurationProperty", "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration( scope: Construct, id: str, replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] )", }, "instanceMethods": [ { "displayName": "to_string", "docs": { "summary": "Returns a string representation of this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.to_string", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.toString", "parameters": [], "usage": "def to_string() -> str", }, { "displayName": "override_logical_id", "docs": { "summary": "Overrides the auto-generated logical ID with a specific ID.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.override_logical_id", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.overrideLogicalId", "parameters": [ { "default": undefined, "displayName": "new_logical_id", "docs": { "summary": "The new logical ID to use for this stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.override_logical_id.parameter.new_logical_id", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.overrideLogicalId.parameter.newLogicalId", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def override_logical_id( new_logical_id: str ) -> None", }, { "displayName": "add_deletion_override", "docs": { "summary": "Syntactic sugar for \`addOverride(path, undefined)\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_deletion_override", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addDeletionOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "summary": "The path of the value to delete.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_deletion_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addDeletionOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_deletion_override( path: str ) -> None", }, { "displayName": "add_depends_on", "docs": { "remarks": "This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.", "summary": "Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_depends_on", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addDependsOn", "parameters": [ { "default": undefined, "displayName": "target", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_depends_on.parameter.target", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addDependsOn.parameter.target", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "CfnResource", "fqn": "aws_cdk.core.CfnResource", "id": "@aws-cdk/core.CfnResource", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_depends_on( target: CfnResource ) -> None", }, { "displayName": "add_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Add a value to the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_metadata", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_metadata.parameter.value", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addMetadata.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_metadata( key: str, value: typing.Any ) -> None", }, { "displayName": "add_override", "docs": { "remarks": "To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\`", "summary": "Adds an override to the synthesized CloudFormation resource.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_override", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "remarks": "Any intermdediate keys will be created as needed.", "summary": "- The path of the property, you can use dot notation to override values in complex types.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "remarks": "Could be primitive or complex.", "summary": "- The value.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_override( path: str, value: typing.Any ) -> None", }, { "displayName": "add_property_deletion_override", "docs": { "summary": "Adds an override that deletes the value of a property from the resource definition.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_property_deletion_override", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addPropertyDeletionOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path to the property.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_property_deletion_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addPropertyDeletionOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_property_deletion_override( property_path: str ) -> None", }, { "displayName": "add_property_override", "docs": { "remarks": "Syntactic sugar for \`addOverride("Properties.<...>", value)\`.", "summary": "Adds an override to a resource property.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_property_override", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addPropertyOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path of the property.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_property_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addPropertyOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "summary": "The value.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.add_property_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.addPropertyOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_property_override( property_path: str, value: typing.Any ) -> None", }, { "displayName": "apply_removal_policy", "docs": { "summary": "Sets the deletion policy of the resource based on the removal policy specified.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.apply_removal_policy", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.applyRemovalPolicy", "parameters": [ { "default": undefined, "displayName": "policy", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.apply_removal_policy.parameter.policy", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.applyRemovalPolicy.parameter.policy", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": "true", "displayName": "apply_to_update_replace_policy", "docs": { "summary": "Apply the same deletion policy to the resource's "UpdateReplacePolicy".", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.apply_removal_policy.parameter.apply_to_update_replace_policy", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.applyRemovalPolicy.parameter.applyToUpdateReplacePolicy", "optional": true, "type": { "formattingPattern": "bool", }, }, { "default": "- Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation.", "displayName": "default", "docs": { "summary": "The default policy to apply in case the removal policy is not defined.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.apply_removal_policy.parameter.default", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.applyRemovalPolicy.parameter.default", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None", }, { "displayName": "get_att", "docs": { "remarks": "Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute.", "summary": "Returns a token for an runtime attribute of this resource.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.get_att", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.getAtt", "parameters": [ { "default": undefined, "displayName": "attribute_name", "docs": { "summary": "The name of the attribute.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.get_att.parameter.attribute_name", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.getAtt.parameter.attributeName", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_att( attribute_name: str ) -> Reference", }, { "displayName": "get_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Retrieve a value value from the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.get_metadata", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.getMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.get_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.getMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_metadata( key: str ) -> typing.Any", }, { "displayName": "inspect", "docs": { "summary": "Examines the CloudFormation resource and discloses attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.inspect", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.inspect", "parameters": [ { "default": undefined, "displayName": "inspector", "docs": { "summary": "- tree inspector to collect and process attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.inspect.parameter.inspector", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.inspect.parameter.inspector", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "TreeInspector", "fqn": "aws_cdk.core.TreeInspector", "id": "@aws-cdk/core.TreeInspector", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def inspect( inspector: TreeInspector ) -> None", }, ], "interfaces": [ { "displayName": "IInspectable", "fqn": "aws_cdk.core.IInspectable", "id": "@aws-cdk/core.IInspectable", "packageName": "@aws-cdk/core", "packageVersion": "1.106.0", }, ], "properties": [ { "default": undefined, "displayName": "node", "docs": { "summary": "The construct tree node associated with this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.node", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.node", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ConstructNode", "fqn": "aws_cdk.core.ConstructNode", "id": "@aws-cdk/core.ConstructNode", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "node: ConstructNode", }, { "default": undefined, "displayName": "creation_stack", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.creation_stack", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.creationStack", "optional": undefined, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, "usage": "creation_stack: typing.List[str]", }, { "default": undefined, "displayName": "logical_id", "docs": { "remarks": "The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`.", "summary": "The logical ID for this CloudFormation stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.logical_id", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.logicalId", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "logical_id: str", }, { "default": undefined, "displayName": "stack", "docs": { "remarks": "CfnElements must be defined within a stack scope (directly or indirectly).", "summary": "The stack in which this element is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.stack", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.stack", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Stack", "fqn": "aws_cdk.core.Stack", "id": "@aws-cdk/core.Stack", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "stack: Stack", }, { "default": undefined, "displayName": "ref", "docs": { "remarks": "If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`.", "summary": "Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.ref", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.ref", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "ref: str", }, { "default": undefined, "displayName": "cfn_options", "docs": { "summary": "Options for this resource, such as condition, update policy etc.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.cfn_options", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.cfnOptions", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ICfnResourceOptions", "fqn": "aws_cdk.core.ICfnResourceOptions", "id": "@aws-cdk/core.ICfnResourceOptions", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "cfn_options: ICfnResourceOptions", }, { "default": undefined, "displayName": "cfn_resource_type", "docs": { "summary": "AWS resource type.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.cfn_resource_type", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.cfnResourceType", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "cfn_resource_type: str", }, { "default": undefined, "displayName": "attr_registry_id", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.attr_registry_id", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.attrRegistryId", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "attr_registry_id: str", }, { "default": undefined, "displayName": "replication_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration", ], "summary": "\`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.property.replication_configuration", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.property.replicationConfiguration", "optional": undefined, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "ReplicationConfigurationProperty", "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, "usage": "replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty]", }, ], "staticMethods": [ { "displayName": "is_construct", "docs": { "summary": "Return whether the given object is a Construct.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.is_construct", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.isConstruct", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.is_construct.parameter.x", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.isConstruct.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_construct( x: typing.Any )", }, { "displayName": "is_cfn_element", "docs": { "remarks": "Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack.", "summary": "Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template).", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_element", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.isCfnElement", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_element.parameter.x", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.isCfnElement.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_element( x: typing.Any )", }, { "displayName": "is_cfn_resource", "docs": { "summary": "Check whether the given construct is a CfnResource.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_resource", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.isCfnResource", "parameters": [ { "default": undefined, "displayName": "construct", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_resource.parameter.construct", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.isCfnResource.parameter.construct", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IConstruct", "fqn": "constructs.IConstruct", "id": "constructs.IConstruct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_resource( construct: IConstruct )", }, ], }, { "constants": [ { "const": true, "default": undefined, "displayName": "CFN_RESOURCE_TYPE_NAME", "docs": { "summary": "The CloudFormation resource type name for this resource class.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.CFN_RESOURCE_TYPE_NAME", "id": "@aws-cdk/aws-ecr.CfnRepository.property.CFN_RESOURCE_TYPE_NAME", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "CFN_RESOURCE_TYPE_NAME: str", }, ], "displayName": "CfnRepository", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html", ], "summary": "A CloudFormation \`AWS::ECR::Repository\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository", "id": "@aws-cdk/aws-ecr.CfnRepository", "initializer": { "displayName": "Initializer", "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer", "parameters": [ { "default": undefined, "displayName": "scope", "docs": { "summary": "- scope in which this resource is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.scope", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "aws_cdk.core.Construct", "id": "@aws-cdk/core.Construct", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": { "summary": "- scoped id of the resource.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.id", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "encryption_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration", ], "summary": "\`AWS::ECR::Repository.EncryptionConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.encryption_configuration", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.encryptionConfiguration", "optional": true, "type": { "formattingPattern": "typing.Any", }, }, { "default": undefined, "displayName": "image_scanning_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration", ], "summary": "\`AWS::ECR::Repository.ImageScanningConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.image_scanning_configuration", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.imageScanningConfiguration", "optional": true, "type": { "formattingPattern": "typing.Any", }, }, { "default": undefined, "displayName": "image_tag_mutability", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability", ], "summary": "\`AWS::ECR::Repository.ImageTagMutability\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.image_tag_mutability", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.imageTagMutability", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "lifecycle_policy", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy", ], "summary": "\`AWS::ECR::Repository.LifecyclePolicy\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.lifecycle_policy", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.lifecyclePolicy", "optional": true, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "LifecyclePolicyProperty", "fqn": "aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty", "id": "@aws-cdk/aws-ecr.CfnRepository.LifecyclePolicyProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, }, { "default": undefined, "displayName": "repository_name", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname", ], "summary": "\`AWS::ECR::Repository.RepositoryName\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.repository_name", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "repository_policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext", ], "summary": "\`AWS::ECR::Repository.RepositoryPolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.repository_policy_text", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.repositoryPolicyText", "optional": true, "type": { "formattingPattern": "typing.Any", }, }, { "default": undefined, "displayName": "tags", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags", ], "summary": "\`AWS::ECR::Repository.Tags\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.Initializer.parameter.tags", "id": "@aws-cdk/aws-ecr.CfnRepository.Initializer.parameter.tags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "CfnTag", "fqn": "aws_cdk.core.CfnTag", "id": "@aws-cdk/core.CfnTag", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository( scope: Construct, id: str, encryption_configuration: typing.Any = None, image_scanning_configuration: typing.Any = None, image_tag_mutability: str = None, lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None )", }, "instanceMethods": [ { "displayName": "to_string", "docs": { "summary": "Returns a string representation of this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.to_string", "id": "@aws-cdk/aws-ecr.CfnRepository.toString", "parameters": [], "usage": "def to_string() -> str", }, { "displayName": "override_logical_id", "docs": { "summary": "Overrides the auto-generated logical ID with a specific ID.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.override_logical_id", "id": "@aws-cdk/aws-ecr.CfnRepository.overrideLogicalId", "parameters": [ { "default": undefined, "displayName": "new_logical_id", "docs": { "summary": "The new logical ID to use for this stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.override_logical_id.parameter.new_logical_id", "id": "@aws-cdk/aws-ecr.CfnRepository.overrideLogicalId.parameter.newLogicalId", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def override_logical_id( new_logical_id: str ) -> None", }, { "displayName": "add_deletion_override", "docs": { "summary": "Syntactic sugar for \`addOverride(path, undefined)\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_deletion_override", "id": "@aws-cdk/aws-ecr.CfnRepository.addDeletionOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "summary": "The path of the value to delete.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_deletion_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnRepository.addDeletionOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_deletion_override( path: str ) -> None", }, { "displayName": "add_depends_on", "docs": { "remarks": "This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope.", "summary": "Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_depends_on", "id": "@aws-cdk/aws-ecr.CfnRepository.addDependsOn", "parameters": [ { "default": undefined, "displayName": "target", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_depends_on.parameter.target", "id": "@aws-cdk/aws-ecr.CfnRepository.addDependsOn.parameter.target", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "CfnResource", "fqn": "aws_cdk.core.CfnResource", "id": "@aws-cdk/core.CfnResource", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_depends_on( target: CfnResource ) -> None", }, { "displayName": "add_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Add a value to the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_metadata", "id": "@aws-cdk/aws-ecr.CfnRepository.addMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnRepository.addMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_metadata.parameter.value", "id": "@aws-cdk/aws-ecr.CfnRepository.addMetadata.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_metadata( key: str, value: typing.Any ) -> None", }, { "displayName": "add_override", "docs": { "remarks": "To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\`", "summary": "Adds an override to the synthesized CloudFormation resource.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_override", "id": "@aws-cdk/aws-ecr.CfnRepository.addOverride", "parameters": [ { "default": undefined, "displayName": "path", "docs": { "remarks": "Any intermdediate keys will be created as needed.", "summary": "- The path of the property, you can use dot notation to override values in complex types.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_override.parameter.path", "id": "@aws-cdk/aws-ecr.CfnRepository.addOverride.parameter.path", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "remarks": "Could be primitive or complex.", "summary": "- The value.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnRepository.addOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_override( path: str, value: typing.Any ) -> None", }, { "displayName": "add_property_deletion_override", "docs": { "summary": "Adds an override that deletes the value of a property from the resource definition.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_property_deletion_override", "id": "@aws-cdk/aws-ecr.CfnRepository.addPropertyDeletionOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path to the property.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_property_deletion_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnRepository.addPropertyDeletionOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def add_property_deletion_override( property_path: str ) -> None", }, { "displayName": "add_property_override", "docs": { "remarks": "Syntactic sugar for \`addOverride("Properties.<...>", value)\`.", "summary": "Adds an override to a resource property.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_property_override", "id": "@aws-cdk/aws-ecr.CfnRepository.addPropertyOverride", "parameters": [ { "default": undefined, "displayName": "property_path", "docs": { "summary": "The path of the property.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_property_override.parameter.property_path", "id": "@aws-cdk/aws-ecr.CfnRepository.addPropertyOverride.parameter.propertyPath", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "value", "docs": { "summary": "The value.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.add_property_override.parameter.value", "id": "@aws-cdk/aws-ecr.CfnRepository.addPropertyOverride.parameter.value", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "def add_property_override( property_path: str, value: typing.Any ) -> None", }, { "displayName": "apply_removal_policy", "docs": { "summary": "Sets the deletion policy of the resource based on the removal policy specified.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.apply_removal_policy", "id": "@aws-cdk/aws-ecr.CfnRepository.applyRemovalPolicy", "parameters": [ { "default": undefined, "displayName": "policy", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.apply_removal_policy.parameter.policy", "id": "@aws-cdk/aws-ecr.CfnRepository.applyRemovalPolicy.parameter.policy", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": "true", "displayName": "apply_to_update_replace_policy", "docs": { "summary": "Apply the same deletion policy to the resource's "UpdateReplacePolicy".", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.apply_removal_policy.parameter.apply_to_update_replace_policy", "id": "@aws-cdk/aws-ecr.CfnRepository.applyRemovalPolicy.parameter.applyToUpdateReplacePolicy", "optional": true, "type": { "formattingPattern": "bool", }, }, { "default": "- Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation.", "displayName": "default", "docs": { "summary": "The default policy to apply in case the removal policy is not defined.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.apply_removal_policy.parameter.default", "id": "@aws-cdk/aws-ecr.CfnRepository.applyRemovalPolicy.parameter.default", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None", }, { "displayName": "get_att", "docs": { "remarks": "Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute.", "summary": "Returns a token for an runtime attribute of this resource.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.get_att", "id": "@aws-cdk/aws-ecr.CfnRepository.getAtt", "parameters": [ { "default": undefined, "displayName": "attribute_name", "docs": { "summary": "The name of the attribute.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.get_att.parameter.attribute_name", "id": "@aws-cdk/aws-ecr.CfnRepository.getAtt.parameter.attributeName", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_att( attribute_name: str ) -> Reference", }, { "displayName": "get_metadata", "docs": { "links": [ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.", ], "summary": "Retrieve a value value from the CloudFormation Resource Metadata.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.get_metadata", "id": "@aws-cdk/aws-ecr.CfnRepository.getMetadata", "parameters": [ { "default": undefined, "displayName": "key", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.get_metadata.parameter.key", "id": "@aws-cdk/aws-ecr.CfnRepository.getMetadata.parameter.key", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def get_metadata( key: str ) -> typing.Any", }, { "displayName": "inspect", "docs": { "summary": "Examines the CloudFormation resource and discloses attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.inspect", "id": "@aws-cdk/aws-ecr.CfnRepository.inspect", "parameters": [ { "default": undefined, "displayName": "inspector", "docs": { "summary": "- tree inspector to collect and process attributes.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.inspect.parameter.inspector", "id": "@aws-cdk/aws-ecr.CfnRepository.inspect.parameter.inspector", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "TreeInspector", "fqn": "aws_cdk.core.TreeInspector", "id": "@aws-cdk/core.TreeInspector", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def inspect( inspector: TreeInspector ) -> None", }, ], "interfaces": [ { "displayName": "IInspectable", "fqn": "aws_cdk.core.IInspectable", "id": "@aws-cdk/core.IInspectable", "packageName": "@aws-cdk/core", "packageVersion": "1.106.0", }, ], "properties": [ { "default": undefined, "displayName": "node", "docs": { "summary": "The construct tree node associated with this construct.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.node", "id": "@aws-cdk/aws-ecr.CfnRepository.property.node", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ConstructNode", "fqn": "aws_cdk.core.ConstructNode", "id": "@aws-cdk/core.ConstructNode", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "node: ConstructNode", }, { "default": undefined, "displayName": "creation_stack", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.creation_stack", "id": "@aws-cdk/aws-ecr.CfnRepository.property.creationStack", "optional": undefined, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, "usage": "creation_stack: typing.List[str]", }, { "default": undefined, "displayName": "logical_id", "docs": { "remarks": "The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`.", "summary": "The logical ID for this CloudFormation stack element.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.logical_id", "id": "@aws-cdk/aws-ecr.CfnRepository.property.logicalId", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "logical_id: str", }, { "default": undefined, "displayName": "stack", "docs": { "remarks": "CfnElements must be defined within a stack scope (directly or indirectly).", "summary": "The stack in which this element is defined.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.stack", "id": "@aws-cdk/aws-ecr.CfnRepository.property.stack", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Stack", "fqn": "aws_cdk.core.Stack", "id": "@aws-cdk/core.Stack", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "stack: Stack", }, { "default": undefined, "displayName": "ref", "docs": { "remarks": "If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`.", "summary": "Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.ref", "id": "@aws-cdk/aws-ecr.CfnRepository.property.ref", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "ref: str", }, { "default": undefined, "displayName": "cfn_options", "docs": { "summary": "Options for this resource, such as condition, update policy etc.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.cfn_options", "id": "@aws-cdk/aws-ecr.CfnRepository.property.cfnOptions", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ICfnResourceOptions", "fqn": "aws_cdk.core.ICfnResourceOptions", "id": "@aws-cdk/core.ICfnResourceOptions", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "cfn_options: ICfnResourceOptions", }, { "default": undefined, "displayName": "cfn_resource_type", "docs": { "summary": "AWS resource type.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.cfn_resource_type", "id": "@aws-cdk/aws-ecr.CfnRepository.property.cfnResourceType", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "cfn_resource_type: str", }, { "default": undefined, "displayName": "attr_arn", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.attr_arn", "id": "@aws-cdk/aws-ecr.CfnRepository.property.attrArn", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "attr_arn: str", }, { "default": undefined, "displayName": "attr_repository_uri", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.attr_repository_uri", "id": "@aws-cdk/aws-ecr.CfnRepository.property.attrRepositoryUri", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "attr_repository_uri: str", }, { "default": undefined, "displayName": "tags", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags", ], "summary": "\`AWS::ECR::Repository.Tags\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.tags", "id": "@aws-cdk/aws-ecr.CfnRepository.property.tags", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "TagManager", "fqn": "aws_cdk.core.TagManager", "id": "@aws-cdk/core.TagManager", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "tags: TagManager", }, { "default": undefined, "displayName": "encryption_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration", ], "summary": "\`AWS::ECR::Repository.EncryptionConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.encryption_configuration", "id": "@aws-cdk/aws-ecr.CfnRepository.property.encryptionConfiguration", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, "usage": "encryption_configuration: typing.Any", }, { "default": undefined, "displayName": "image_scanning_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration", ], "summary": "\`AWS::ECR::Repository.ImageScanningConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.image_scanning_configuration", "id": "@aws-cdk/aws-ecr.CfnRepository.property.imageScanningConfiguration", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, "usage": "image_scanning_configuration: typing.Any", }, { "default": undefined, "displayName": "repository_policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext", ], "summary": "\`AWS::ECR::Repository.RepositoryPolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.repository_policy_text", "id": "@aws-cdk/aws-ecr.CfnRepository.property.repositoryPolicyText", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, "usage": "repository_policy_text: typing.Any", }, { "default": undefined, "displayName": "image_tag_mutability", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability", ], "summary": "\`AWS::ECR::Repository.ImageTagMutability\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.image_tag_mutability", "id": "@aws-cdk/aws-ecr.CfnRepository.property.imageTagMutability", "optional": true, "type": { "formattingPattern": "str", }, "usage": "image_tag_mutability: str", }, { "default": undefined, "displayName": "lifecycle_policy", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy", ], "summary": "\`AWS::ECR::Repository.LifecyclePolicy\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.lifecycle_policy", "id": "@aws-cdk/aws-ecr.CfnRepository.property.lifecyclePolicy", "optional": true, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "LifecyclePolicyProperty", "fqn": "aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty", "id": "@aws-cdk/aws-ecr.CfnRepository.LifecyclePolicyProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, "usage": "lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty]", }, { "default": undefined, "displayName": "repository_name", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname", ], "summary": "\`AWS::ECR::Repository.RepositoryName\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.property.repository_name", "id": "@aws-cdk/aws-ecr.CfnRepository.property.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, ], "staticMethods": [ { "displayName": "is_construct", "docs": { "summary": "Return whether the given object is a Construct.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.is_construct", "id": "@aws-cdk/aws-ecr.CfnRepository.isConstruct", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.is_construct.parameter.x", "id": "@aws-cdk/aws-ecr.CfnRepository.isConstruct.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_construct( x: typing.Any )", }, { "displayName": "is_cfn_element", "docs": { "remarks": "Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack.", "summary": "Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template).", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.is_cfn_element", "id": "@aws-cdk/aws-ecr.CfnRepository.isCfnElement", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.is_cfn_element.parameter.x", "id": "@aws-cdk/aws-ecr.CfnRepository.isCfnElement.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_cfn_element( x: typing.Any )", }, { "displayName": "is_cfn_resource", "docs": { "summary": "Check whether the given construct is a CfnResource.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.is_cfn_resource", "id": "@aws-cdk/aws-ecr.CfnRepository.isCfnResource", "parameters": [ { "default": undefined, "displayName": "construct", "docs": {}, "fqn": "aws_cdk.aws_ecr.CfnRepository.is_cfn_resource.parameter.construct", "id": "@aws-cdk/aws-ecr.CfnRepository.isCfnResource.parameter.construct", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IConstruct", "fqn": "constructs.IConstruct", "id": "constructs.IConstruct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_cfn_resource( construct: IConstruct )", }, ], }, { "constants": [], "displayName": "Repository", "docs": { "summary": "Define an ECR repository.", }, "fqn": "aws_cdk.aws_ecr.Repository", "id": "@aws-cdk/aws-ecr.Repository", "initializer": { "displayName": "Initializer", "fqn": "aws_cdk.aws_ecr.Repository.Initializer", "id": "@aws-cdk/aws-ecr.Repository.Initializer", "parameters": [ { "default": undefined, "displayName": "scope", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.scope", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "constructs.Construct", "id": "constructs.Construct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "false", "displayName": "image_scan_on_push", "docs": { "summary": "Enable the scan on push when creating the repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.image_scan_on_push", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.imageScanOnPush", "optional": true, "type": { "formattingPattern": "bool", }, }, { "default": "TagMutability.MUTABLE", "displayName": "image_tag_mutability", "docs": { "remarks": "If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.", "summary": "The tag mutability setting for the repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.image_tag_mutability", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.imageTagMutability", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "TagMutability", "fqn": "aws_cdk.aws_ecr.TagMutability", "id": "@aws-cdk/aws-ecr.TagMutability", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, }, { "default": "The default registry is assumed.", "displayName": "lifecycle_registry_id", "docs": { "links": [ "https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html", ], "summary": "The AWS account ID associated with the registry that contains the repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.lifecycle_registry_id", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.lifecycleRegistryId", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "No life cycle rules", "displayName": "lifecycle_rules", "docs": { "summary": "Life cycle rules to apply to this registry.", }, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.lifecycle_rules", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.lifecycleRules", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "LifecycleRule", "fqn": "aws_cdk.aws_ecr.LifecycleRule", "id": "@aws-cdk/aws-ecr.LifecycleRule", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, }, { "default": "RemovalPolicy.Retain", "displayName": "removal_policy", "docs": { "summary": "Determine what happens to the repository when the resource/stack is deleted.", }, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.removal_policy", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.removalPolicy", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": "Automatically generated name.", "displayName": "repository_name", "docs": { "summary": "Name for this repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.Initializer.parameter.repository_name", "id": "@aws-cdk/aws-ecr.Repository.Initializer.parameter.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository( scope: Construct, id: str, image_scan_on_push: bool = None, image_tag_mutability: TagMutability = None, lifecycle_registry_id: str = None, lifecycle_rules: typing.List[LifecycleRule] = None, removal_policy: RemovalPolicy = None, repository_name: str = None )", }, "instanceMethods": [ { "displayName": "to_string", "docs": { "summary": "Returns a string representation of this construct.", }, "fqn": "aws_cdk.aws_ecr.Repository.to_string", "id": "@aws-cdk/aws-ecr.Repository.toString", "parameters": [], "usage": "def to_string() -> str", }, { "displayName": "apply_removal_policy", "docs": { "remarks": "The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`).", "summary": "Apply the given removal policy to this resource.", }, "fqn": "aws_cdk.aws_ecr.Repository.apply_removal_policy", "id": "@aws-cdk/aws-ecr.Repository.applyRemovalPolicy", "parameters": [ { "default": undefined, "displayName": "policy", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.apply_removal_policy.parameter.policy", "id": "@aws-cdk/aws-ecr.Repository.applyRemovalPolicy.parameter.policy", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def apply_removal_policy( policy: RemovalPolicy ) -> None", }, { "displayName": "add_to_resource_policy", "docs": { "summary": "Add a policy statement to the repository's resource policy.", }, "fqn": "aws_cdk.aws_ecr.Repository.add_to_resource_policy", "id": "@aws-cdk/aws-ecr.Repository.addToResourcePolicy", "parameters": [ { "default": undefined, "displayName": "statement", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.add_to_resource_policy.parameter.statement", "id": "@aws-cdk/aws-ecr.Repository.addToResourcePolicy.parameter.statement", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "PolicyStatement", "fqn": "aws_cdk.aws_iam.PolicyStatement", "id": "@aws-cdk/aws-iam.PolicyStatement", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult", }, { "displayName": "grant", "docs": { "summary": "Grant the given principal identity permissions to perform the actions on this repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.grant", "id": "@aws-cdk/aws-ecr.Repository.grant", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.grant.parameter.grantee", "id": "@aws-cdk/aws-ecr.Repository.grant.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "actions", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.grant.parameter.actions", "id": "@aws-cdk/aws-ecr.Repository.grant.parameter.actions", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def grant( grantee: IGrantable, actions: str ) -> Grant", }, { "displayName": "grant_pull", "docs": { "summary": "Grant the given identity permissions to use the images in this repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.grant_pull", "id": "@aws-cdk/aws-ecr.Repository.grantPull", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.grant_pull.parameter.grantee", "id": "@aws-cdk/aws-ecr.Repository.grantPull.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def grant_pull( grantee: IGrantable ) -> Grant", }, { "displayName": "grant_pull_push", "docs": { "summary": "Grant the given identity permissions to pull and push images to this repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.grant_pull_push", "id": "@aws-cdk/aws-ecr.Repository.grantPullPush", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.grant_pull_push.parameter.grantee", "id": "@aws-cdk/aws-ecr.Repository.grantPullPush.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def grant_pull_push( grantee: IGrantable ) -> Grant", }, { "displayName": "on_cloud_trail_event", "docs": { "remarks": "Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.", "summary": "Define a CloudWatch event that triggers when something happens to this repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_event", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailEvent", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_event.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailEvent.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_event.parameter.description", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailEvent.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_event.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailEvent.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_event.parameter.rule_name", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailEvent.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_event.parameter.target", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailEvent.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule", }, { "displayName": "on_cloud_trail_image_pushed", "docs": { "remarks": "Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.", "summary": "Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_image_pushed", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailImagePushed", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_image_pushed.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailImagePushed.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_image_pushed.parameter.description", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailImagePushed.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_image_pushed.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailImagePushed.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_image_pushed.parameter.rule_name", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailImagePushed.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_image_pushed.parameter.target", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailImagePushed.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "- Watch changes to all tags", "displayName": "image_tag", "docs": { "summary": "Only watch changes to this image tag.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_cloud_trail_image_pushed.parameter.image_tag", "id": "@aws-cdk/aws-ecr.Repository.onCloudTrailImagePushed.parameter.imageTag", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule", }, { "displayName": "on_event", "docs": { "remarks": "Use \`rule.addEventPattern(pattern)\` to specify a filter.", "summary": "Defines a CloudWatch event rule which triggers for repository events.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_event", "id": "@aws-cdk/aws-ecr.Repository.onEvent", "parameters": [ { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.on_event.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.onEvent.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_event.parameter.description", "id": "@aws-cdk/aws-ecr.Repository.onEvent.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_event.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.Repository.onEvent.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_event.parameter.rule_name", "id": "@aws-cdk/aws-ecr.Repository.onEvent.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_event.parameter.target", "id": "@aws-cdk/aws-ecr.Repository.onEvent.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule", }, { "displayName": "on_image_scan_completed", "docs": { "summary": "Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_image_scan_completed", "id": "@aws-cdk/aws-ecr.Repository.onImageScanCompleted", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_image_scan_completed.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.onImageScanCompleted.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_image_scan_completed.parameter.description", "id": "@aws-cdk/aws-ecr.Repository.onImageScanCompleted.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_image_scan_completed.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.Repository.onImageScanCompleted.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_image_scan_completed.parameter.rule_name", "id": "@aws-cdk/aws-ecr.Repository.onImageScanCompleted.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_image_scan_completed.parameter.target", "id": "@aws-cdk/aws-ecr.Repository.onImageScanCompleted.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "- Watch the changes to the repository with all image tags", "displayName": "image_tags", "docs": { "remarks": "Leave it undefined to watch the full repository.", "summary": "Only watch changes to the image tags spedified.", }, "fqn": "aws_cdk.aws_ecr.Repository.on_image_scan_completed.parameter.image_tags", "id": "@aws-cdk/aws-ecr.Repository.onImageScanCompleted.parameter.imageTags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, }, ], "usage": "def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule", }, { "displayName": "repository_uri_for_digest", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]", "summary": "Returns the URL of the repository. Can be used in \`docker push/pull\`.", }, "fqn": "aws_cdk.aws_ecr.Repository.repository_uri_for_digest", "id": "@aws-cdk/aws-ecr.Repository.repositoryUriForDigest", "parameters": [ { "default": undefined, "displayName": "digest", "docs": { "summary": "Optional image digest.", }, "fqn": "aws_cdk.aws_ecr.Repository.repository_uri_for_digest.parameter.digest", "id": "@aws-cdk/aws-ecr.Repository.repositoryUriForDigest.parameter.digest", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def repository_uri_for_digest( digest: str = None ) -> str", }, { "displayName": "repository_uri_for_tag", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]", "summary": "Returns the URL of the repository. Can be used in \`docker push/pull\`.", }, "fqn": "aws_cdk.aws_ecr.Repository.repository_uri_for_tag", "id": "@aws-cdk/aws-ecr.Repository.repositoryUriForTag", "parameters": [ { "default": undefined, "displayName": "tag", "docs": { "summary": "Optional image tag.", }, "fqn": "aws_cdk.aws_ecr.Repository.repository_uri_for_tag.parameter.tag", "id": "@aws-cdk/aws-ecr.Repository.repositoryUriForTag.parameter.tag", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def repository_uri_for_tag( tag: str = None ) -> str", }, { "displayName": "add_lifecycle_rule", "docs": { "remarks": "Life cycle rules automatically expire images from the repository that match certain conditions.", "summary": "Add a life cycle rule to the repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.add_lifecycle_rule", "id": "@aws-cdk/aws-ecr.Repository.addLifecycleRule", "parameters": [ { "default": "No description", "displayName": "description", "docs": { "summary": "Describes the purpose of the rule.", }, "fqn": "aws_cdk.aws_ecr.Repository.add_lifecycle_rule.parameter.description", "id": "@aws-cdk/aws-ecr.Repository.addLifecycleRule.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "max_image_age", "docs": { "remarks": "Specify exactly one of maxImageCount and maxImageAge.", "summary": "The maximum age of images to retain. The value must represent a number of days.", }, "fqn": "aws_cdk.aws_ecr.Repository.add_lifecycle_rule.parameter.max_image_age", "id": "@aws-cdk/aws-ecr.Repository.addLifecycleRule.parameter.maxImageAge", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "Duration", "fqn": "aws_cdk.core.Duration", "id": "@aws-cdk/core.Duration", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "max_image_count", "docs": { "remarks": "Specify exactly one of maxImageCount and maxImageAge.", "summary": "The maximum number of images to retain.", }, "fqn": "aws_cdk.aws_ecr.Repository.add_lifecycle_rule.parameter.max_image_count", "id": "@aws-cdk/aws-ecr.Repository.addLifecycleRule.parameter.maxImageCount", "optional": true, "type": { "formattingPattern": "typing.Union[int, float]", }, }, { "default": "Automatically assigned", "displayName": "rule_priority", "docs": { "remarks": "All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities.", "summary": "Controls the order in which rules are evaluated (low to high).", }, "fqn": "aws_cdk.aws_ecr.Repository.add_lifecycle_rule.parameter.rule_priority", "id": "@aws-cdk/aws-ecr.Repository.addLifecycleRule.parameter.rulePriority", "optional": true, "type": { "formattingPattern": "typing.Union[int, float]", }, }, { "default": undefined, "displayName": "tag_prefix_list", "docs": { "remarks": "Only if tagStatus == TagStatus.Tagged", "summary": "Select images that have ALL the given prefixes in their tag.", }, "fqn": "aws_cdk.aws_ecr.Repository.add_lifecycle_rule.parameter.tag_prefix_list", "id": "@aws-cdk/aws-ecr.Repository.addLifecycleRule.parameter.tagPrefixList", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, }, { "default": "TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise", "displayName": "tag_status", "docs": { "remarks": "Only one rule is allowed to select untagged images, and it must have the highest rulePriority.", "summary": "Select images based on tags.", }, "fqn": "aws_cdk.aws_ecr.Repository.add_lifecycle_rule.parameter.tag_status", "id": "@aws-cdk/aws-ecr.Repository.addLifecycleRule.parameter.tagStatus", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "TagStatus", "fqn": "aws_cdk.aws_ecr.TagStatus", "id": "@aws-cdk/aws-ecr.TagStatus", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_lifecycle_rule( description: str = None, max_image_age: Duration = None, max_image_count: typing.Union[int, float] = None, rule_priority: typing.Union[int, float] = None, tag_prefix_list: typing.List[str] = None, tag_status: TagStatus = None ) -> None", }, ], "interfaces": [], "properties": [ { "default": undefined, "displayName": "node", "docs": { "summary": "The construct tree node associated with this construct.", }, "fqn": "aws_cdk.aws_ecr.Repository.property.node", "id": "@aws-cdk/aws-ecr.Repository.property.node", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ConstructNode", "fqn": "aws_cdk.core.ConstructNode", "id": "@aws-cdk/core.ConstructNode", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "node: ConstructNode", }, { "default": undefined, "displayName": "env", "docs": { "remarks": "For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.", "summary": "The environment this resource belongs to.", }, "fqn": "aws_cdk.aws_ecr.Repository.property.env", "id": "@aws-cdk/aws-ecr.Repository.property.env", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ResourceEnvironment", "fqn": "aws_cdk.core.ResourceEnvironment", "id": "@aws-cdk/core.ResourceEnvironment", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "env: ResourceEnvironment", }, { "default": undefined, "displayName": "stack", "docs": { "summary": "The stack in which this resource is defined.", }, "fqn": "aws_cdk.aws_ecr.Repository.property.stack", "id": "@aws-cdk/aws-ecr.Repository.property.stack", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Stack", "fqn": "aws_cdk.core.Stack", "id": "@aws-cdk/core.Stack", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "stack: Stack", }, { "default": undefined, "displayName": "repository_arn", "docs": { "summary": "The ARN of the repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.property.repository_arn", "id": "@aws-cdk/aws-ecr.Repository.property.repositoryArn", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_arn: str", }, { "default": undefined, "displayName": "repository_name", "docs": { "summary": "The name of the repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.property.repository_name", "id": "@aws-cdk/aws-ecr.Repository.property.repositoryName", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, { "default": undefined, "displayName": "repository_uri", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY", "summary": "The URI of this repository (represents the latest image):.", }, "fqn": "aws_cdk.aws_ecr.Repository.property.repository_uri", "id": "@aws-cdk/aws-ecr.Repository.property.repositoryUri", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_uri: str", }, ], "staticMethods": [ { "displayName": "is_construct", "docs": { "summary": "Return whether the given object is a Construct.", }, "fqn": "aws_cdk.aws_ecr.Repository.is_construct", "id": "@aws-cdk/aws-ecr.Repository.isConstruct", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.is_construct.parameter.x", "id": "@aws-cdk/aws-ecr.Repository.isConstruct.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.is_construct( x: typing.Any )", }, { "displayName": "is_resource", "docs": { "summary": "Check whether the given construct is a Resource.", }, "fqn": "aws_cdk.aws_ecr.Repository.is_resource", "id": "@aws-cdk/aws-ecr.Repository.isResource", "parameters": [ { "default": undefined, "displayName": "construct", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.is_resource.parameter.construct", "id": "@aws-cdk/aws-ecr.Repository.isResource.parameter.construct", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IConstruct", "fqn": "aws_cdk.core.IConstruct", "id": "@aws-cdk/core.IConstruct", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.is_resource( construct: IConstruct )", }, { "displayName": "arn_for_local_repository", "docs": { "summary": "Returns an ECR ARN for a repository that resides in the same account/region as the current stack.", }, "fqn": "aws_cdk.aws_ecr.Repository.arn_for_local_repository", "id": "@aws-cdk/aws-ecr.Repository.arnForLocalRepository", "parameters": [ { "default": undefined, "displayName": "repository_name", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.arn_for_local_repository.parameter.repository_name", "id": "@aws-cdk/aws-ecr.Repository.arnForLocalRepository.parameter.repositoryName", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "scope", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.arn_for_local_repository.parameter.scope", "id": "@aws-cdk/aws-ecr.Repository.arnForLocalRepository.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IConstruct", "fqn": "constructs.IConstruct", "id": "constructs.IConstruct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "account", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.arn_for_local_repository.parameter.account", "id": "@aws-cdk/aws-ecr.Repository.arnForLocalRepository.parameter.account", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.arn_for_local_repository( repository_name: str, scope: IConstruct, account: str = None )", }, { "displayName": "from_repository_arn", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_arn", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryArn", "parameters": [ { "default": undefined, "displayName": "scope", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_arn.parameter.scope", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryArn.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "constructs.Construct", "id": "constructs.Construct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_arn.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryArn.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "repository_arn", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_arn.parameter.repository_arn", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryArn.parameter.repositoryArn", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_arn( scope: Construct, id: str, repository_arn: str )", }, { "displayName": "from_repository_attributes", "docs": { "summary": "Import a repository.", }, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_attributes", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryAttributes", "parameters": [ { "default": undefined, "displayName": "scope", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_attributes.parameter.scope", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryAttributes.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "constructs.Construct", "id": "constructs.Construct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_attributes.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryAttributes.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "repository_arn", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_attributes.parameter.repository_arn", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryAttributes.parameter.repositoryArn", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "repository_name", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_attributes.parameter.repository_name", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryAttributes.parameter.repositoryName", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_attributes( scope: Construct, id: str, repository_arn: str, repository_name: str )", }, { "displayName": "from_repository_name", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_name", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryName", "parameters": [ { "default": undefined, "displayName": "scope", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_name.parameter.scope", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryName.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "constructs.Construct", "id": "constructs.Construct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_name.parameter.id", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryName.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": undefined, "displayName": "repository_name", "docs": {}, "fqn": "aws_cdk.aws_ecr.Repository.from_repository_name.parameter.repository_name", "id": "@aws-cdk/aws-ecr.Repository.fromRepositoryName.parameter.repositoryName", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_name( scope: Construct, id: str, repository_name: str )", }, ], }, { "constants": [], "displayName": "RepositoryBase", "docs": { "remarks": "Reused between imported repositories and owned repositories.", "summary": "Base class for ECR repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase", "id": "@aws-cdk/aws-ecr.RepositoryBase", "initializer": { "displayName": "Initializer", "fqn": "aws_cdk.aws_ecr.RepositoryBase.Initializer", "id": "@aws-cdk/aws-ecr.RepositoryBase.Initializer", "parameters": [ { "default": undefined, "displayName": "scope", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.Initializer.parameter.scope", "id": "@aws-cdk/aws-ecr.RepositoryBase.Initializer.parameter.scope", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Construct", "fqn": "constructs.Construct", "id": "constructs.Construct", "packageName": "constructs", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.Initializer.parameter.id", "id": "@aws-cdk/aws-ecr.RepositoryBase.Initializer.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- the resource is in the same account as the stack it belongs to", "displayName": "account", "docs": { "summary": "The AWS account ID this resource belongs to.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.Initializer.parameter.account", "id": "@aws-cdk/aws-ecr.RepositoryBase.Initializer.parameter.account", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- take environment from \`account\`, \`region\` parameters, or use Stack environment.", "displayName": "environment_from_arn", "docs": { "remarks": "The ARN is parsed and the account and region are taken from the ARN. This should be used for imported resources. Cannot be supplied together with either \`account\` or \`region\`.", "summary": "ARN to deduce region and account from.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.Initializer.parameter.environment_from_arn", "id": "@aws-cdk/aws-ecr.RepositoryBase.Initializer.parameter.environmentFromArn", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- The physical name will be allocated by CloudFormation at deployment time", "displayName": "physical_name", "docs": { "remarks": "- \`undefined\` implies that a physical name will be allocated by CloudFormation during deployment. - a concrete value implies a specific physical name - \`PhysicalName.GENERATE_IF_NEEDED\` is a marker that indicates that a physical will only be generated by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation.", "summary": "The value passed in by users to the physical name prop of the resource.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.Initializer.parameter.physical_name", "id": "@aws-cdk/aws-ecr.RepositoryBase.Initializer.parameter.physicalName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- the resource is in the same region as the stack it belongs to", "displayName": "region", "docs": { "summary": "The AWS region this resource belongs to.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.Initializer.parameter.region", "id": "@aws-cdk/aws-ecr.RepositoryBase.Initializer.parameter.region", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase( scope: Construct, id: str, account: str = None, environment_from_arn: str = None, physical_name: str = None, region: str = None )", }, "instanceMethods": [ { "displayName": "to_string", "docs": { "summary": "Returns a string representation of this construct.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.to_string", "id": "@aws-cdk/aws-ecr.RepositoryBase.toString", "parameters": [], "usage": "def to_string() -> str", }, { "displayName": "apply_removal_policy", "docs": { "remarks": "The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`).", "summary": "Apply the given removal policy to this resource.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.apply_removal_policy", "id": "@aws-cdk/aws-ecr.RepositoryBase.applyRemovalPolicy", "parameters": [ { "default": undefined, "displayName": "policy", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.apply_removal_policy.parameter.policy", "id": "@aws-cdk/aws-ecr.RepositoryBase.applyRemovalPolicy.parameter.policy", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def apply_removal_policy( policy: RemovalPolicy ) -> None", }, { "displayName": "add_to_resource_policy", "docs": { "summary": "Add a policy statement to the repository's resource policy.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.add_to_resource_policy", "id": "@aws-cdk/aws-ecr.RepositoryBase.addToResourcePolicy", "parameters": [ { "default": undefined, "displayName": "statement", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.add_to_resource_policy.parameter.statement", "id": "@aws-cdk/aws-ecr.RepositoryBase.addToResourcePolicy.parameter.statement", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "PolicyStatement", "fqn": "aws_cdk.aws_iam.PolicyStatement", "id": "@aws-cdk/aws-iam.PolicyStatement", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult", }, { "displayName": "grant", "docs": { "summary": "Grant the given principal identity permissions to perform the actions on this repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.grant", "id": "@aws-cdk/aws-ecr.RepositoryBase.grant", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.grant.parameter.grantee", "id": "@aws-cdk/aws-ecr.RepositoryBase.grant.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "actions", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.grant.parameter.actions", "id": "@aws-cdk/aws-ecr.RepositoryBase.grant.parameter.actions", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def grant( grantee: IGrantable, actions: str ) -> Grant", }, { "displayName": "grant_pull", "docs": { "summary": "Grant the given identity permissions to use the images in this repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.grant_pull", "id": "@aws-cdk/aws-ecr.RepositoryBase.grantPull", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.grant_pull.parameter.grantee", "id": "@aws-cdk/aws-ecr.RepositoryBase.grantPull.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def grant_pull( grantee: IGrantable ) -> Grant", }, { "displayName": "grant_pull_push", "docs": { "summary": "Grant the given identity permissions to pull and push images to this repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.grant_pull_push", "id": "@aws-cdk/aws-ecr.RepositoryBase.grantPullPush", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.grant_pull_push.parameter.grantee", "id": "@aws-cdk/aws-ecr.RepositoryBase.grantPullPush.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def grant_pull_push( grantee: IGrantable ) -> Grant", }, { "displayName": "on_cloud_trail_event", "docs": { "remarks": "Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.", "summary": "Define a CloudWatch event that triggers when something happens to this repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_event", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailEvent", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_event.parameter.id", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailEvent.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_event.parameter.description", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailEvent.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_event.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailEvent.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_event.parameter.rule_name", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailEvent.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_event.parameter.target", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailEvent.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule", }, { "displayName": "on_cloud_trail_image_pushed", "docs": { "remarks": "Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.", "summary": "Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_image_pushed", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailImagePushed", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_image_pushed.parameter.id", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailImagePushed.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_image_pushed.parameter.description", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailImagePushed.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_image_pushed.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailImagePushed.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_image_pushed.parameter.rule_name", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailImagePushed.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_image_pushed.parameter.target", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailImagePushed.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "- Watch changes to all tags", "displayName": "image_tag", "docs": { "summary": "Only watch changes to this image tag.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_cloud_trail_image_pushed.parameter.image_tag", "id": "@aws-cdk/aws-ecr.RepositoryBase.onCloudTrailImagePushed.parameter.imageTag", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule", }, { "displayName": "on_event", "docs": { "remarks": "Use \`rule.addEventPattern(pattern)\` to specify a filter.", "summary": "Defines a CloudWatch event rule which triggers for repository events.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_event", "id": "@aws-cdk/aws-ecr.RepositoryBase.onEvent", "parameters": [ { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_event.parameter.id", "id": "@aws-cdk/aws-ecr.RepositoryBase.onEvent.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_event.parameter.description", "id": "@aws-cdk/aws-ecr.RepositoryBase.onEvent.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_event.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.RepositoryBase.onEvent.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_event.parameter.rule_name", "id": "@aws-cdk/aws-ecr.RepositoryBase.onEvent.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_event.parameter.target", "id": "@aws-cdk/aws-ecr.RepositoryBase.onEvent.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule", }, { "displayName": "on_image_scan_completed", "docs": { "summary": "Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_image_scan_completed", "id": "@aws-cdk/aws-ecr.RepositoryBase.onImageScanCompleted", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_image_scan_completed.parameter.id", "id": "@aws-cdk/aws-ecr.RepositoryBase.onImageScanCompleted.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_image_scan_completed.parameter.description", "id": "@aws-cdk/aws-ecr.RepositoryBase.onImageScanCompleted.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_image_scan_completed.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.RepositoryBase.onImageScanCompleted.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_image_scan_completed.parameter.rule_name", "id": "@aws-cdk/aws-ecr.RepositoryBase.onImageScanCompleted.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_image_scan_completed.parameter.target", "id": "@aws-cdk/aws-ecr.RepositoryBase.onImageScanCompleted.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "- Watch the changes to the repository with all image tags", "displayName": "image_tags", "docs": { "remarks": "Leave it undefined to watch the full repository.", "summary": "Only watch changes to the image tags spedified.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.on_image_scan_completed.parameter.image_tags", "id": "@aws-cdk/aws-ecr.RepositoryBase.onImageScanCompleted.parameter.imageTags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, }, ], "usage": "def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule", }, { "displayName": "repository_uri_for_digest", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]", "summary": "Returns the URL of the repository. Can be used in \`docker push/pull\`.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.repository_uri_for_digest", "id": "@aws-cdk/aws-ecr.RepositoryBase.repositoryUriForDigest", "parameters": [ { "default": undefined, "displayName": "digest", "docs": { "summary": "Optional image digest.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.repository_uri_for_digest.parameter.digest", "id": "@aws-cdk/aws-ecr.RepositoryBase.repositoryUriForDigest.parameter.digest", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def repository_uri_for_digest( digest: str = None ) -> str", }, { "displayName": "repository_uri_for_tag", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]", "summary": "Returns the URL of the repository. Can be used in \`docker push/pull\`.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.repository_uri_for_tag", "id": "@aws-cdk/aws-ecr.RepositoryBase.repositoryUriForTag", "parameters": [ { "default": undefined, "displayName": "tag", "docs": { "summary": "Optional image tag.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.repository_uri_for_tag.parameter.tag", "id": "@aws-cdk/aws-ecr.RepositoryBase.repositoryUriForTag.parameter.tag", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def repository_uri_for_tag( tag: str = None ) -> str", }, ], "interfaces": [ { "displayName": "IRepository", "fqn": "aws_cdk.aws_ecr.IRepository", "id": "@aws-cdk/aws-ecr.IRepository", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "1.106.0", }, ], "properties": [ { "default": undefined, "displayName": "node", "docs": { "summary": "The construct tree node associated with this construct.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.property.node", "id": "@aws-cdk/aws-ecr.RepositoryBase.property.node", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ConstructNode", "fqn": "aws_cdk.core.ConstructNode", "id": "@aws-cdk/core.ConstructNode", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "node: ConstructNode", }, { "default": undefined, "displayName": "env", "docs": { "remarks": "For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.", "summary": "The environment this resource belongs to.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.property.env", "id": "@aws-cdk/aws-ecr.RepositoryBase.property.env", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ResourceEnvironment", "fqn": "aws_cdk.core.ResourceEnvironment", "id": "@aws-cdk/core.ResourceEnvironment", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "env: ResourceEnvironment", }, { "default": undefined, "displayName": "stack", "docs": { "summary": "The stack in which this resource is defined.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.property.stack", "id": "@aws-cdk/aws-ecr.RepositoryBase.property.stack", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Stack", "fqn": "aws_cdk.core.Stack", "id": "@aws-cdk/core.Stack", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "stack: Stack", }, { "default": undefined, "displayName": "repository_arn", "docs": { "summary": "The ARN of the repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.property.repository_arn", "id": "@aws-cdk/aws-ecr.RepositoryBase.property.repositoryArn", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_arn: str", }, { "default": undefined, "displayName": "repository_name", "docs": { "summary": "The name of the repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.property.repository_name", "id": "@aws-cdk/aws-ecr.RepositoryBase.property.repositoryName", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, { "default": undefined, "displayName": "repository_uri", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY", "summary": "The URI of this repository (represents the latest image):.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.property.repository_uri", "id": "@aws-cdk/aws-ecr.RepositoryBase.property.repositoryUri", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_uri: str", }, ], "staticMethods": [ { "displayName": "is_construct", "docs": { "summary": "Return whether the given object is a Construct.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.is_construct", "id": "@aws-cdk/aws-ecr.RepositoryBase.isConstruct", "parameters": [ { "default": undefined, "displayName": "x", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.is_construct.parameter.x", "id": "@aws-cdk/aws-ecr.RepositoryBase.isConstruct.parameter.x", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase.is_construct( x: typing.Any )", }, { "displayName": "is_resource", "docs": { "summary": "Check whether the given construct is a Resource.", }, "fqn": "aws_cdk.aws_ecr.RepositoryBase.is_resource", "id": "@aws-cdk/aws-ecr.RepositoryBase.isResource", "parameters": [ { "default": undefined, "displayName": "construct", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryBase.is_resource.parameter.construct", "id": "@aws-cdk/aws-ecr.RepositoryBase.isResource.parameter.construct", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IConstruct", "fqn": "aws_cdk.core.IConstruct", "id": "@aws-cdk/core.IConstruct", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase.is_resource( construct: IConstruct )", }, ], }, ], "enums": [ { "displayName": "TagMutability", "docs": { "summary": "The tag mutability setting for your repository.", }, "fqn": "aws_cdk.aws_ecr.TagMutability", "id": "@aws-cdk/aws-ecr.TagMutability", "members": [ { "displayName": "MUTABLE", "docs": { "summary": "allow image tags to be overwritten.", }, "fqn": "aws_cdk.aws_ecr.TagMutability.MUTABLE", "id": "@aws-cdk/aws-ecr.TagMutability.MUTABLE", }, { "displayName": "IMMUTABLE", "docs": { "summary": "all image tags within the repository will be immutable which will prevent them from being overwritten.", }, "fqn": "aws_cdk.aws_ecr.TagMutability.IMMUTABLE", "id": "@aws-cdk/aws-ecr.TagMutability.IMMUTABLE", }, ], }, { "displayName": "TagStatus", "docs": { "summary": "Select images based on tags.", }, "fqn": "aws_cdk.aws_ecr.TagStatus", "id": "@aws-cdk/aws-ecr.TagStatus", "members": [ { "displayName": "ANY", "docs": { "summary": "Rule applies to all images.", }, "fqn": "aws_cdk.aws_ecr.TagStatus.ANY", "id": "@aws-cdk/aws-ecr.TagStatus.ANY", }, { "displayName": "TAGGED", "docs": { "summary": "Rule applies to tagged images.", }, "fqn": "aws_cdk.aws_ecr.TagStatus.TAGGED", "id": "@aws-cdk/aws-ecr.TagStatus.TAGGED", }, { "displayName": "UNTAGGED", "docs": { "summary": "Rule applies to untagged images.", }, "fqn": "aws_cdk.aws_ecr.TagStatus.UNTAGGED", "id": "@aws-cdk/aws-ecr.TagStatus.UNTAGGED", }, ], }, ], "interfaces": [ { "displayName": "IRepository", "docs": { "summary": "Represents an ECR repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository", "id": "@aws-cdk/aws-ecr.IRepository", "implementations": [ { "displayName": "Repository", "fqn": "aws_cdk.aws_ecr.Repository", "id": "@aws-cdk/aws-ecr.Repository", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "1.106.0", }, { "displayName": "RepositoryBase", "fqn": "aws_cdk.aws_ecr.RepositoryBase", "id": "@aws-cdk/aws-ecr.RepositoryBase", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "1.106.0", }, { "displayName": "IRepository", "fqn": "aws_cdk.aws_ecr.IRepository", "id": "@aws-cdk/aws-ecr.IRepository", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "1.106.0", }, ], "instanceMethods": [ { "displayName": "add_to_resource_policy", "docs": { "summary": "Add a policy statement to the repository's resource policy.", }, "fqn": "aws_cdk.aws_ecr.IRepository.add_to_resource_policy", "id": "@aws-cdk/aws-ecr.IRepository.addToResourcePolicy", "parameters": [ { "default": undefined, "displayName": "statement", "docs": {}, "fqn": "aws_cdk.aws_ecr.IRepository.add_to_resource_policy.parameter.statement", "id": "@aws-cdk/aws-ecr.IRepository.addToResourcePolicy.parameter.statement", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "PolicyStatement", "fqn": "aws_cdk.aws_iam.PolicyStatement", "id": "@aws-cdk/aws-iam.PolicyStatement", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult", }, { "displayName": "grant", "docs": { "summary": "Grant the given principal identity permissions to perform the actions on this repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository.grant", "id": "@aws-cdk/aws-ecr.IRepository.grant", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.IRepository.grant.parameter.grantee", "id": "@aws-cdk/aws-ecr.IRepository.grant.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, { "default": undefined, "displayName": "actions", "docs": {}, "fqn": "aws_cdk.aws_ecr.IRepository.grant.parameter.actions", "id": "@aws-cdk/aws-ecr.IRepository.grant.parameter.actions", "optional": undefined, "type": { "formattingPattern": "str", }, }, ], "usage": "def grant( grantee: IGrantable, actions: str ) -> Grant", }, { "displayName": "grant_pull", "docs": { "summary": "Grant the given identity permissions to pull images in this repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository.grant_pull", "id": "@aws-cdk/aws-ecr.IRepository.grantPull", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.IRepository.grant_pull.parameter.grantee", "id": "@aws-cdk/aws-ecr.IRepository.grantPull.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def grant_pull( grantee: IGrantable ) -> Grant", }, { "displayName": "grant_pull_push", "docs": { "summary": "Grant the given identity permissions to pull and push images to this repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository.grant_pull_push", "id": "@aws-cdk/aws-ecr.IRepository.grantPullPush", "parameters": [ { "default": undefined, "displayName": "grantee", "docs": {}, "fqn": "aws_cdk.aws_ecr.IRepository.grant_pull_push.parameter.grantee", "id": "@aws-cdk/aws-ecr.IRepository.grantPullPush.parameter.grantee", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "IGrantable", "fqn": "aws_cdk.aws_iam.IGrantable", "id": "@aws-cdk/aws-iam.IGrantable", "packageName": "@aws-cdk/aws-iam", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def grant_pull_push( grantee: IGrantable ) -> Grant", }, { "displayName": "on_cloud_trail_event", "docs": { "remarks": "Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.", "summary": "Define a CloudWatch event that triggers when something happens to this repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_event", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailEvent", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_event.parameter.id", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailEvent.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_event.parameter.description", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailEvent.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_event.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailEvent.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_event.parameter.rule_name", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailEvent.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_event.parameter.target", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailEvent.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule", }, { "displayName": "on_cloud_trail_image_pushed", "docs": { "remarks": "Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail.", "summary": "Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_image_pushed", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailImagePushed", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_image_pushed.parameter.id", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailImagePushed.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_image_pushed.parameter.description", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailImagePushed.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_image_pushed.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailImagePushed.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_image_pushed.parameter.rule_name", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailImagePushed.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_image_pushed.parameter.target", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailImagePushed.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "- Watch changes to all tags", "displayName": "image_tag", "docs": { "summary": "Only watch changes to this image tag.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_cloud_trail_image_pushed.parameter.image_tag", "id": "@aws-cdk/aws-ecr.IRepository.onCloudTrailImagePushed.parameter.imageTag", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule", }, { "displayName": "on_event", "docs": { "remarks": "Use \`rule.addEventPattern(pattern)\` to specify a filter.", "summary": "Defines a CloudWatch event rule which triggers for repository events.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_event", "id": "@aws-cdk/aws-ecr.IRepository.onEvent", "parameters": [ { "default": undefined, "displayName": "id", "docs": {}, "fqn": "aws_cdk.aws_ecr.IRepository.on_event.parameter.id", "id": "@aws-cdk/aws-ecr.IRepository.onEvent.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_event.parameter.description", "id": "@aws-cdk/aws-ecr.IRepository.onEvent.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_event.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.IRepository.onEvent.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_event.parameter.rule_name", "id": "@aws-cdk/aws-ecr.IRepository.onEvent.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_event.parameter.target", "id": "@aws-cdk/aws-ecr.IRepository.onEvent.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, ], "usage": "def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule", }, { "displayName": "on_image_scan_completed", "docs": { "summary": "Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_image_scan_completed", "id": "@aws-cdk/aws-ecr.IRepository.onImageScanCompleted", "parameters": [ { "default": undefined, "displayName": "id", "docs": { "summary": "The id of the rule.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_image_scan_completed.parameter.id", "id": "@aws-cdk/aws-ecr.IRepository.onImageScanCompleted.parameter.id", "optional": undefined, "type": { "formattingPattern": "str", }, }, { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_image_scan_completed.parameter.description", "id": "@aws-cdk/aws-ecr.IRepository.onImageScanCompleted.parameter.description", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_image_scan_completed.parameter.event_pattern", "id": "@aws-cdk/aws-ecr.IRepository.onImageScanCompleted.parameter.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_image_scan_completed.parameter.rule_name", "id": "@aws-cdk/aws-ecr.IRepository.onImageScanCompleted.parameter.ruleName", "optional": true, "type": { "formattingPattern": "str", }, }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_image_scan_completed.parameter.target", "id": "@aws-cdk/aws-ecr.IRepository.onImageScanCompleted.parameter.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, }, { "default": "- Watch the changes to the repository with all image tags", "displayName": "image_tags", "docs": { "remarks": "Leave it undefined to watch the full repository.", "summary": "Only watch changes to the image tags spedified.", }, "fqn": "aws_cdk.aws_ecr.IRepository.on_image_scan_completed.parameter.image_tags", "id": "@aws-cdk/aws-ecr.IRepository.onImageScanCompleted.parameter.imageTags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, }, ], "usage": "def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule", }, { "displayName": "repository_uri_for_digest", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST]", "summary": "Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`.", }, "fqn": "aws_cdk.aws_ecr.IRepository.repository_uri_for_digest", "id": "@aws-cdk/aws-ecr.IRepository.repositoryUriForDigest", "parameters": [ { "default": undefined, "displayName": "digest", "docs": { "summary": "Image digest to use (tools usually default to the image with the "latest" tag if omitted).", }, "fqn": "aws_cdk.aws_ecr.IRepository.repository_uri_for_digest.parameter.digest", "id": "@aws-cdk/aws-ecr.IRepository.repositoryUriForDigest.parameter.digest", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def repository_uri_for_digest( digest: str = None ) -> str", }, { "displayName": "repository_uri_for_tag", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG]", "summary": "Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`.", }, "fqn": "aws_cdk.aws_ecr.IRepository.repository_uri_for_tag", "id": "@aws-cdk/aws-ecr.IRepository.repositoryUriForTag", "parameters": [ { "default": undefined, "displayName": "tag", "docs": { "summary": "Image tag to use (tools usually default to "latest" if omitted).", }, "fqn": "aws_cdk.aws_ecr.IRepository.repository_uri_for_tag.parameter.tag", "id": "@aws-cdk/aws-ecr.IRepository.repositoryUriForTag.parameter.tag", "optional": true, "type": { "formattingPattern": "str", }, }, ], "usage": "def repository_uri_for_tag( tag: str = None ) -> str", }, ], "interfaces": [ { "displayName": "IResource", "fqn": "aws_cdk.core.IResource", "id": "@aws-cdk/core.IResource", "packageName": "@aws-cdk/core", "packageVersion": "1.106.0", }, ], "properties": [ { "default": undefined, "displayName": "node", "docs": { "summary": "The construct tree node for this construct.", }, "fqn": "aws_cdk.aws_ecr.IRepository.property.node", "id": "@aws-cdk/aws-ecr.IRepository.property.node", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ConstructNode", "fqn": "aws_cdk.core.ConstructNode", "id": "@aws-cdk/core.ConstructNode", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "node: ConstructNode", }, { "default": undefined, "displayName": "env", "docs": { "remarks": "For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.", "summary": "The environment this resource belongs to.", }, "fqn": "aws_cdk.aws_ecr.IRepository.property.env", "id": "@aws-cdk/aws-ecr.IRepository.property.env", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "ResourceEnvironment", "fqn": "aws_cdk.core.ResourceEnvironment", "id": "@aws-cdk/core.ResourceEnvironment", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "env: ResourceEnvironment", }, { "default": undefined, "displayName": "stack", "docs": { "summary": "The stack in which this resource is defined.", }, "fqn": "aws_cdk.aws_ecr.IRepository.property.stack", "id": "@aws-cdk/aws-ecr.IRepository.property.stack", "optional": undefined, "type": { "formattingPattern": "%", "types": [ { "displayName": "Stack", "fqn": "aws_cdk.core.Stack", "id": "@aws-cdk/core.Stack", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "stack: Stack", }, { "default": undefined, "displayName": "repository_arn", "docs": { "summary": "The ARN of the repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository.property.repository_arn", "id": "@aws-cdk/aws-ecr.IRepository.property.repositoryArn", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_arn: str", }, { "default": undefined, "displayName": "repository_name", "docs": { "summary": "The name of the repository.", }, "fqn": "aws_cdk.aws_ecr.IRepository.property.repository_name", "id": "@aws-cdk/aws-ecr.IRepository.property.repositoryName", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, { "default": undefined, "displayName": "repository_uri", "docs": { "remarks": "ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY", "summary": "The URI of this repository (represents the latest image):.", }, "fqn": "aws_cdk.aws_ecr.IRepository.property.repository_uri", "id": "@aws-cdk/aws-ecr.IRepository.property.repositoryUri", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_uri: str", }, ], }, ], "structs": [ { "displayName": "CfnPublicRepositoryProps", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html", ], "summary": "Properties for defining a \`AWS::ECR::PublicRepository\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepositoryProps", "id": "@aws-cdk/aws-ecr.CfnPublicRepositoryProps", "properties": [ { "default": undefined, "displayName": "repository_catalog_data", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryCatalogData\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepositoryProps.property.repository_catalog_data", "id": "@aws-cdk/aws-ecr.CfnPublicRepositoryProps.property.repositoryCatalogData", "optional": true, "type": { "formattingPattern": "typing.Any", }, "usage": "repository_catalog_data: typing.Any", }, { "default": undefined, "displayName": "repository_name", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryName\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepositoryProps.property.repository_name", "id": "@aws-cdk/aws-ecr.CfnPublicRepositoryProps.property.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, { "default": undefined, "displayName": "repository_policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext", ], "summary": "\`AWS::ECR::PublicRepository.RepositoryPolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepositoryProps.property.repository_policy_text", "id": "@aws-cdk/aws-ecr.CfnPublicRepositoryProps.property.repositoryPolicyText", "optional": true, "type": { "formattingPattern": "typing.Any", }, "usage": "repository_policy_text: typing.Any", }, { "default": undefined, "displayName": "tags", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags", ], "summary": "\`AWS::ECR::PublicRepository.Tags\`.", }, "fqn": "aws_cdk.aws_ecr.CfnPublicRepositoryProps.property.tags", "id": "@aws-cdk/aws-ecr.CfnPublicRepositoryProps.property.tags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "CfnTag", "fqn": "aws_cdk.core.CfnTag", "id": "@aws-cdk/core.CfnTag", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, ], }, "usage": "tags: typing.List[CfnTag]", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepositoryProps( repository_catalog_data: typing.Any = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None )", }, { "displayName": "CfnRegistryPolicyProps", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html", ], "summary": "Properties for defining a \`AWS::ECR::RegistryPolicy\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicyProps", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicyProps", "properties": [ { "default": undefined, "displayName": "policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext", ], "summary": "\`AWS::ECR::RegistryPolicy.PolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRegistryPolicyProps.property.policy_text", "id": "@aws-cdk/aws-ecr.CfnRegistryPolicyProps.property.policyText", "optional": undefined, "type": { "formattingPattern": "typing.Any", }, "usage": "policy_text: typing.Any", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicyProps( policy_text: typing.Any )", }, { "displayName": "CfnReplicationConfigurationProps", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html", ], "summary": "Properties for defining a \`AWS::ECR::ReplicationConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfigurationProps", "id": "@aws-cdk/aws-ecr.CfnReplicationConfigurationProps", "properties": [ { "default": undefined, "displayName": "replication_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration", ], "summary": "\`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfigurationProps.property.replication_configuration", "id": "@aws-cdk/aws-ecr.CfnReplicationConfigurationProps.property.replicationConfiguration", "optional": undefined, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "ReplicationConfigurationProperty", "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, "usage": "replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty]", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfigurationProps( replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] )", }, { "displayName": "CfnRepositoryProps", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html", ], "summary": "Properties for defining a \`AWS::ECR::Repository\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps", "properties": [ { "default": undefined, "displayName": "encryption_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration", ], "summary": "\`AWS::ECR::Repository.EncryptionConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps.property.encryption_configuration", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps.property.encryptionConfiguration", "optional": true, "type": { "formattingPattern": "typing.Any", }, "usage": "encryption_configuration: typing.Any", }, { "default": undefined, "displayName": "image_scanning_configuration", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration", ], "summary": "\`AWS::ECR::Repository.ImageScanningConfiguration\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps.property.image_scanning_configuration", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps.property.imageScanningConfiguration", "optional": true, "type": { "formattingPattern": "typing.Any", }, "usage": "image_scanning_configuration: typing.Any", }, { "default": undefined, "displayName": "image_tag_mutability", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability", ], "summary": "\`AWS::ECR::Repository.ImageTagMutability\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps.property.image_tag_mutability", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps.property.imageTagMutability", "optional": true, "type": { "formattingPattern": "str", }, "usage": "image_tag_mutability: str", }, { "default": undefined, "displayName": "lifecycle_policy", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy", ], "summary": "\`AWS::ECR::Repository.LifecyclePolicy\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps.property.lifecycle_policy", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps.property.lifecyclePolicy", "optional": true, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "LifecyclePolicyProperty", "fqn": "aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty", "id": "@aws-cdk/aws-ecr.CfnRepository.LifecyclePolicyProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, "usage": "lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty]", }, { "default": undefined, "displayName": "repository_name", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname", ], "summary": "\`AWS::ECR::Repository.RepositoryName\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps.property.repository_name", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps.property.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, { "default": undefined, "displayName": "repository_policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext", ], "summary": "\`AWS::ECR::Repository.RepositoryPolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps.property.repository_policy_text", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps.property.repositoryPolicyText", "optional": true, "type": { "formattingPattern": "typing.Any", }, "usage": "repository_policy_text: typing.Any", }, { "default": undefined, "displayName": "tags", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags", ], "summary": "\`AWS::ECR::Repository.Tags\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepositoryProps.property.tags", "id": "@aws-cdk/aws-ecr.CfnRepositoryProps.property.tags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "CfnTag", "fqn": "aws_cdk.core.CfnTag", "id": "@aws-cdk/core.CfnTag", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, ], }, "usage": "tags: typing.List[CfnTag]", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepositoryProps( encryption_configuration: typing.Any = None, image_scanning_configuration: typing.Any = None, image_tag_mutability: str = None, lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None )", }, { "displayName": "LifecyclePolicyProperty", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html", ], }, "fqn": "aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty", "id": "@aws-cdk/aws-ecr.CfnRepository.LifecyclePolicyProperty", "properties": [ { "default": undefined, "displayName": "lifecycle_policy_text", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext", ], "summary": "\`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty.property.lifecycle_policy_text", "id": "@aws-cdk/aws-ecr.CfnRepository.LifecyclePolicyProperty.property.lifecyclePolicyText", "optional": true, "type": { "formattingPattern": "str", }, "usage": "lifecycle_policy_text: str", }, { "default": undefined, "displayName": "registry_id", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid", ], "summary": "\`CfnRepository.LifecyclePolicyProperty.RegistryId\`.", }, "fqn": "aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty.property.registry_id", "id": "@aws-cdk/aws-ecr.CfnRepository.LifecyclePolicyProperty.property.registryId", "optional": true, "type": { "formattingPattern": "str", }, "usage": "registry_id: str", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty( lifecycle_policy_text: str = None, registry_id: str = None )", }, { "displayName": "LifecycleRule", "docs": { "summary": "An ECR life cycle rule.", }, "fqn": "aws_cdk.aws_ecr.LifecycleRule", "id": "@aws-cdk/aws-ecr.LifecycleRule", "properties": [ { "default": "No description", "displayName": "description", "docs": { "summary": "Describes the purpose of the rule.", }, "fqn": "aws_cdk.aws_ecr.LifecycleRule.property.description", "id": "@aws-cdk/aws-ecr.LifecycleRule.property.description", "optional": true, "type": { "formattingPattern": "str", }, "usage": "description: str", }, { "default": undefined, "displayName": "max_image_age", "docs": { "remarks": "Specify exactly one of maxImageCount and maxImageAge.", "summary": "The maximum age of images to retain. The value must represent a number of days.", }, "fqn": "aws_cdk.aws_ecr.LifecycleRule.property.max_image_age", "id": "@aws-cdk/aws-ecr.LifecycleRule.property.maxImageAge", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "Duration", "fqn": "aws_cdk.core.Duration", "id": "@aws-cdk/core.Duration", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "max_image_age: Duration", }, { "default": undefined, "displayName": "max_image_count", "docs": { "remarks": "Specify exactly one of maxImageCount and maxImageAge.", "summary": "The maximum number of images to retain.", }, "fqn": "aws_cdk.aws_ecr.LifecycleRule.property.max_image_count", "id": "@aws-cdk/aws-ecr.LifecycleRule.property.maxImageCount", "optional": true, "type": { "formattingPattern": "typing.Union[int, float]", }, "usage": "max_image_count: typing.Union[int, float]", }, { "default": "Automatically assigned", "displayName": "rule_priority", "docs": { "remarks": "All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities.", "summary": "Controls the order in which rules are evaluated (low to high).", }, "fqn": "aws_cdk.aws_ecr.LifecycleRule.property.rule_priority", "id": "@aws-cdk/aws-ecr.LifecycleRule.property.rulePriority", "optional": true, "type": { "formattingPattern": "typing.Union[int, float]", }, "usage": "rule_priority: typing.Union[int, float]", }, { "default": undefined, "displayName": "tag_prefix_list", "docs": { "remarks": "Only if tagStatus == TagStatus.Tagged", "summary": "Select images that have ALL the given prefixes in their tag.", }, "fqn": "aws_cdk.aws_ecr.LifecycleRule.property.tag_prefix_list", "id": "@aws-cdk/aws-ecr.LifecycleRule.property.tagPrefixList", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, "usage": "tag_prefix_list: typing.List[str]", }, { "default": "TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise", "displayName": "tag_status", "docs": { "remarks": "Only one rule is allowed to select untagged images, and it must have the highest rulePriority.", "summary": "Select images based on tags.", }, "fqn": "aws_cdk.aws_ecr.LifecycleRule.property.tag_status", "id": "@aws-cdk/aws-ecr.LifecycleRule.property.tagStatus", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "TagStatus", "fqn": "aws_cdk.aws_ecr.TagStatus", "id": "@aws-cdk/aws-ecr.TagStatus", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, "usage": "tag_status: TagStatus", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.LifecycleRule( description: str = None, max_image_age: Duration = None, max_image_count: typing.Union[int, float] = None, rule_priority: typing.Union[int, float] = None, tag_prefix_list: typing.List[str] = None, tag_status: TagStatus = None )", }, { "displayName": "OnCloudTrailImagePushedOptions", "docs": { "summary": "Options for the onCloudTrailImagePushed method.", }, "fqn": "aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions", "id": "@aws-cdk/aws-ecr.OnCloudTrailImagePushedOptions", "properties": [ { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions.property.description", "id": "@aws-cdk/aws-ecr.OnCloudTrailImagePushedOptions.property.description", "optional": true, "type": { "formattingPattern": "str", }, "usage": "description: str", }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions.property.event_pattern", "id": "@aws-cdk/aws-ecr.OnCloudTrailImagePushedOptions.property.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, "usage": "event_pattern: EventPattern", }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions.property.rule_name", "id": "@aws-cdk/aws-ecr.OnCloudTrailImagePushedOptions.property.ruleName", "optional": true, "type": { "formattingPattern": "str", }, "usage": "rule_name: str", }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions.property.target", "id": "@aws-cdk/aws-ecr.OnCloudTrailImagePushedOptions.property.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, "usage": "target: IRuleTarget", }, { "default": "- Watch changes to all tags", "displayName": "image_tag", "docs": { "summary": "Only watch changes to this image tag.", }, "fqn": "aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions.property.image_tag", "id": "@aws-cdk/aws-ecr.OnCloudTrailImagePushedOptions.property.imageTag", "optional": true, "type": { "formattingPattern": "str", }, "usage": "image_tag: str", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions( description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None )", }, { "displayName": "OnImageScanCompletedOptions", "docs": { "summary": "Options for the OnImageScanCompleted method.", }, "fqn": "aws_cdk.aws_ecr.OnImageScanCompletedOptions", "id": "@aws-cdk/aws-ecr.OnImageScanCompletedOptions", "properties": [ { "default": "- No description", "displayName": "description", "docs": { "summary": "A description of the rule's purpose.", }, "fqn": "aws_cdk.aws_ecr.OnImageScanCompletedOptions.property.description", "id": "@aws-cdk/aws-ecr.OnImageScanCompletedOptions.property.description", "optional": true, "type": { "formattingPattern": "str", }, "usage": "description: str", }, { "default": "- No additional filtering based on an event pattern.", "displayName": "event_pattern", "docs": { "links": [ "https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html", ], "remarks": "The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering.", "summary": "Additional restrictions for the event to route to the specified target.", }, "fqn": "aws_cdk.aws_ecr.OnImageScanCompletedOptions.property.event_pattern", "id": "@aws-cdk/aws-ecr.OnImageScanCompletedOptions.property.eventPattern", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "EventPattern", "fqn": "aws_cdk.aws_events.EventPattern", "id": "@aws-cdk/aws-events.EventPattern", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, "usage": "event_pattern: EventPattern", }, { "default": "AWS CloudFormation generates a unique physical ID.", "displayName": "rule_name", "docs": { "summary": "A name for the rule.", }, "fqn": "aws_cdk.aws_ecr.OnImageScanCompletedOptions.property.rule_name", "id": "@aws-cdk/aws-ecr.OnImageScanCompletedOptions.property.ruleName", "optional": true, "type": { "formattingPattern": "str", }, "usage": "rule_name: str", }, { "default": "- No target is added to the rule. Use \`addTarget()\` to add a target.", "displayName": "target", "docs": { "summary": "The target to register for the event.", }, "fqn": "aws_cdk.aws_ecr.OnImageScanCompletedOptions.property.target", "id": "@aws-cdk/aws-ecr.OnImageScanCompletedOptions.property.target", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "IRuleTarget", "fqn": "aws_cdk.aws_events.IRuleTarget", "id": "@aws-cdk/aws-events.IRuleTarget", "packageName": "@aws-cdk/aws-events", "packageVersion": "99.99.99", }, ], }, "usage": "target: IRuleTarget", }, { "default": "- Watch the changes to the repository with all image tags", "displayName": "image_tags", "docs": { "remarks": "Leave it undefined to watch the full repository.", "summary": "Only watch changes to the image tags spedified.", }, "fqn": "aws_cdk.aws_ecr.OnImageScanCompletedOptions.property.image_tags", "id": "@aws-cdk/aws-ecr.OnImageScanCompletedOptions.property.imageTags", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "str", }, ], }, "usage": "image_tags: typing.List[str]", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.OnImageScanCompletedOptions( description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None )", }, { "displayName": "ReplicationConfigurationProperty", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html", ], }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty", "properties": [ { "default": undefined, "displayName": "rules", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules", ], "summary": "\`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty.property.rules", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty.property.rules", "optional": undefined, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "ReplicationRuleProperty", "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationRuleProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, ], }, ], }, "usage": "rules: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationRuleProperty]]]", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty( rules: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationRuleProperty]]] )", }, { "displayName": "ReplicationDestinationProperty", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html", ], }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationDestinationProperty", "properties": [ { "default": undefined, "displayName": "region", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region", ], "summary": "\`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty.property.region", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationDestinationProperty.property.region", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "region: str", }, { "default": undefined, "displayName": "registry_id", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid", ], "summary": "\`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty.property.registry_id", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationDestinationProperty.property.registryId", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "registry_id: str", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty( region: str, registry_id: str )", }, { "displayName": "ReplicationRuleProperty", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html", ], }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationRuleProperty", "properties": [ { "default": undefined, "displayName": "destinations", "docs": { "links": [ "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations", ], "summary": "\`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`.", }, "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty.property.destinations", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationRuleProperty.property.destinations", "optional": undefined, "type": { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "typing.Union[%, %]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "IResolvable", "fqn": "aws_cdk.core.IResolvable", "id": "@aws-cdk/core.IResolvable", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, { "formattingPattern": "%", "types": [ { "displayName": "ReplicationDestinationProperty", "fqn": "aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty", "id": "@aws-cdk/aws-ecr.CfnReplicationConfiguration.ReplicationDestinationProperty", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, ], }, ], }, "usage": "destinations: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationDestinationProperty]]]", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty( destinations: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationDestinationProperty]]] )", }, { "displayName": "RepositoryAttributes", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryAttributes", "id": "@aws-cdk/aws-ecr.RepositoryAttributes", "properties": [ { "default": undefined, "displayName": "repository_arn", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryAttributes.property.repository_arn", "id": "@aws-cdk/aws-ecr.RepositoryAttributes.property.repositoryArn", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_arn: str", }, { "default": undefined, "displayName": "repository_name", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryAttributes.property.repository_name", "id": "@aws-cdk/aws-ecr.RepositoryAttributes.property.repositoryName", "optional": undefined, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryAttributes( repository_arn: str, repository_name: str )", }, { "displayName": "RepositoryProps", "docs": {}, "fqn": "aws_cdk.aws_ecr.RepositoryProps", "id": "@aws-cdk/aws-ecr.RepositoryProps", "properties": [ { "default": "false", "displayName": "image_scan_on_push", "docs": { "summary": "Enable the scan on push when creating the repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryProps.property.image_scan_on_push", "id": "@aws-cdk/aws-ecr.RepositoryProps.property.imageScanOnPush", "optional": true, "type": { "formattingPattern": "bool", }, "usage": "image_scan_on_push: bool", }, { "default": "TagMutability.MUTABLE", "displayName": "image_tag_mutability", "docs": { "remarks": "If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten.", "summary": "The tag mutability setting for the repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryProps.property.image_tag_mutability", "id": "@aws-cdk/aws-ecr.RepositoryProps.property.imageTagMutability", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "TagMutability", "fqn": "aws_cdk.aws_ecr.TagMutability", "id": "@aws-cdk/aws-ecr.TagMutability", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, "usage": "image_tag_mutability: TagMutability", }, { "default": "The default registry is assumed.", "displayName": "lifecycle_registry_id", "docs": { "links": [ "https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html", ], "summary": "The AWS account ID associated with the registry that contains the repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryProps.property.lifecycle_registry_id", "id": "@aws-cdk/aws-ecr.RepositoryProps.property.lifecycleRegistryId", "optional": true, "type": { "formattingPattern": "str", }, "usage": "lifecycle_registry_id: str", }, { "default": "No life cycle rules", "displayName": "lifecycle_rules", "docs": { "summary": "Life cycle rules to apply to this registry.", }, "fqn": "aws_cdk.aws_ecr.RepositoryProps.property.lifecycle_rules", "id": "@aws-cdk/aws-ecr.RepositoryProps.property.lifecycleRules", "optional": true, "type": { "formattingPattern": "typing.List[%]", "types": [ { "formattingPattern": "%", "types": [ { "displayName": "LifecycleRule", "fqn": "aws_cdk.aws_ecr.LifecycleRule", "id": "@aws-cdk/aws-ecr.LifecycleRule", "packageName": "@aws-cdk/aws-ecr", "packageVersion": "99.99.99", }, ], }, ], }, "usage": "lifecycle_rules: typing.List[LifecycleRule]", }, { "default": "RemovalPolicy.Retain", "displayName": "removal_policy", "docs": { "summary": "Determine what happens to the repository when the resource/stack is deleted.", }, "fqn": "aws_cdk.aws_ecr.RepositoryProps.property.removal_policy", "id": "@aws-cdk/aws-ecr.RepositoryProps.property.removalPolicy", "optional": true, "type": { "formattingPattern": "%", "types": [ { "displayName": "RemovalPolicy", "fqn": "aws_cdk.core.RemovalPolicy", "id": "@aws-cdk/core.RemovalPolicy", "packageName": "@aws-cdk/core", "packageVersion": "99.99.99", }, ], }, "usage": "removal_policy: RemovalPolicy", }, { "default": "Automatically generated name.", "displayName": "repository_name", "docs": { "summary": "Name for this repository.", }, "fqn": "aws_cdk.aws_ecr.RepositoryProps.property.repository_name", "id": "@aws-cdk/aws-ecr.RepositoryProps.property.repositoryName", "optional": true, "type": { "formattingPattern": "str", }, "usage": "repository_name: str", }, ], "usage": "import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryProps( image_scan_on_push: bool = None, image_tag_mutability: TagMutability = None, lifecycle_registry_id: str = None, lifecycle_rules: typing.List[LifecycleRule] = None, removal_policy: RemovalPolicy = None, repository_name: str = None )", }, ], }, "language": "python", "metadata": { "packageName": "@aws-cdk/aws-ecr", "packageVersion": "1.106.0", "submodule": undefined, }, "readme": "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository = ecr.Repository(self, "Repository") \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository = ecr.Repository(stack, "Repo", image_scan_on_push=True ) \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository.on_image_scan_completed("ImageScanComplete").add_target(...) \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. import aws_cdk.aws_iam as iam import aws_cdk.aws_ecr as ecr user = iam.User(self, "User", ...) ecr.AuthorizationToken.grant_read(user) \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. import aws_cdk.aws_iam as iam import aws_cdk.aws_ecr as ecr user = iam.User(self, "User", ...) ecr.PublicGalleryAuthorizationToken.grant_read(user) \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. ecr.Repository(stack, "Repo", image_tag_mutability=ecr.TagMutability.IMMUTABLE) \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository.add_lifecycle_rule(tag_prefix_list=["prod"], max_image_count=9999) repository.add_lifecycle_rule(max_image_age=cdk.Duration.days(30)) \`\`\`", "version": "0.1", } `; exports[`python for package 2`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository = ecr.Repository(self, "Repository") \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository = ecr.Repository(stack, "Repo", image_scan_on_push=True ) \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository.on_image_scan_completed("ImageScanComplete").add_target(...) \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. import aws_cdk.aws_iam as iam import aws_cdk.aws_ecr as ecr user = iam.User(self, "User", ...) ecr.AuthorizationToken.grant_read(user) \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. import aws_cdk.aws_iam as iam import aws_cdk.aws_ecr as ecr user = iam.User(self, "User", ...) ecr.PublicGalleryAuthorizationToken.grant_read(user) \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. ecr.Repository(stack, "Repo", image_tag_mutability=ecr.TagMutability.IMMUTABLE) \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository.add_lifecycle_rule(tag_prefix_list=["prod"], max_image_count=9999) repository.add_lifecycle_rule(max_image_age=cdk.Duration.days(30)) \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository( scope: Construct, id: str, repository_catalog_data: typing.Any = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | repository_catalog_data | typing.Any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repository_name | str | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`repository_catalog_data\`Optional - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repository_name\`Optional - *Type:* str \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repository_policy_text\`Optional - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | tags | aws_cdk.core.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | repository_catalog_data | typing.Any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repository_policy_text | typing.Any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | repository_name | str | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.core.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`repository_catalog_data\`Required \`\`\`python repository_catalog_data: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repository_policy_text\`Required \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy( scope: Construct, id: str, policy_text: typing.Any ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | policy_text | typing.Any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`policy_text\`Required - *Type:* typing.Any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_registry_id | str | *No description.* | | policy_text | typing.Any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_registry_id\`Required \`\`\`python attr_registry_id: str \`\`\` - *Type:* str --- ##### \`policy_text\`Required \`\`\`python policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration( scope: Construct, id: str, replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | replication_configuration | typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`replication_configuration\`Required - *Type:* typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_registry_id | str | *No description.* | | replication_configuration | typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_registry_id\`Required \`\`\`python attr_registry_id: str \`\`\` - *Type:* str --- ##### \`replication_configuration\`Required \`\`\`python replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository( scope: Construct, id: str, encryption_configuration: typing.Any = None, image_scanning_configuration: typing.Any = None, image_tag_mutability: str = None, lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | encryption_configuration | typing.Any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | image_scanning_configuration | typing.Any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | image_tag_mutability | str | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecycle_policy | typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repository_name | str | \`AWS::ECR::Repository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`encryption_configuration\`Optional - *Type:* typing.Any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`image_scanning_configuration\`Optional - *Type:* typing.Any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`image_tag_mutability\`Optional - *Type:* str \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecycle_policy\`Optional - *Type:* typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repository_name\`Optional - *Type:* str \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repository_policy_text\`Optional - *Type:* typing.Any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | attr_repository_uri | str | *No description.* | | tags | aws_cdk.core.TagManager | \`AWS::ECR::Repository.Tags\`. | | encryption_configuration | typing.Any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | image_scanning_configuration | typing.Any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | repository_policy_text | typing.Any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | image_tag_mutability | str | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecycle_policy | typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repository_name | str | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`attr_repository_uri\`Required \`\`\`python attr_repository_uri: str \`\`\` - *Type:* str --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.core.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`encryption_configuration\`Required \`\`\`python encryption_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`image_scanning_configuration\`Required \`\`\`python image_scanning_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`repository_policy_text\`Required \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`image_tag_mutability\`Optional \`\`\`python image_tag_mutability: str \`\`\` - *Type:* str \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecycle_policy\`Optional \`\`\`python lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository( scope: Construct, id: str, image_scan_on_push: bool = None, image_tag_mutability: TagMutability = None, lifecycle_registry_id: str = None, lifecycle_rules: typing.List[LifecycleRule] = None, removal_policy: RemovalPolicy = None, repository_name: str = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | image_scan_on_push | bool | Enable the scan on push when creating the repository. | | image_tag_mutability | TagMutability | The tag mutability setting for the repository. | | lifecycle_registry_id | str | The AWS account ID associated with the registry that contains the repository. | | lifecycle_rules | typing.List[LifecycleRule] | Life cycle rules to apply to this registry. | | removal_policy | aws_cdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repository_name | str | Name for this repository. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`image_scan_on_push\`Optional - *Type:* bool - *Default:* false Enable the scan on push when creating the repository. --- ##### \`image_tag_mutability\`Optional - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycle_registry_id\`Optional - *Type:* str - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycle_rules\`Optional - *Type:* typing.List[LifecycleRule] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removal_policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repository_name\`Optional - *Type:* str - *Default:* Automatically generated name. Name for this repository. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | | add_to_resource_policy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grant_pull | Grant the given identity permissions to use the images in this repository. | | grant_pull_push | Grant the given identity permissions to pull and push images to this repository. | | on_cloud_trail_event | Define a CloudWatch event that triggers when something happens to this repository. | | on_cloud_trail_image_pushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | on_event | Defines a CloudWatch event rule which triggers for repository events. | | on_image_scan_completed | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repository_uri_for_digest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repository_uri_for_tag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | add_lifecycle_rule | Add a life cycle rule to the repository. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.core.RemovalPolicy --- ##### \`add_to_resource_policy\` \`\`\`python def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* aws_cdk.aws_iam.PolicyStatement --- ##### \`grant\` \`\`\`python def grant( grantee: IGrantable, actions: str ) -> Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ###### \`actions\`Required - *Type:* str --- ##### \`grant_pull\` \`\`\`python def grant_pull( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`grant_pull_push\` \`\`\`python def grant_pull_push( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`on_cloud_trail_event\` \`\`\`python def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_cloud_trail_image_pushed\` \`\`\`python def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tag\`Optional - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ##### \`on_event\` \`\`\`python def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* str --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_image_scan_completed\` \`\`\`python def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tags\`Optional - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ##### \`repository_uri_for_digest\` \`\`\`python def repository_uri_for_digest( digest: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* str Optional image digest. --- ##### \`repository_uri_for_tag\` \`\`\`python def repository_uri_for_tag( tag: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* str Optional image tag. --- ##### \`add_lifecycle_rule\` \`\`\`python def add_lifecycle_rule( description: str = None, max_image_age: Duration = None, max_image_count: typing.Union[int, float] = None, rule_priority: typing.Union[int, float] = None, tag_prefix_list: typing.List[str] = None, tag_status: TagStatus = None ) -> None \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`description\`Optional - *Type:* str - *Default:* No description Describes the purpose of the rule. --- ###### \`max_image_age\`Optional - *Type:* aws_cdk.core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ###### \`max_image_count\`Optional - *Type:* typing.Union[int, float] The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ###### \`rule_priority\`Optional - *Type:* typing.Union[int, float] - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ###### \`tag_prefix_list\`Optional - *Type:* typing.List[str] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ###### \`tag_status\`Optional - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_resource | Check whether the given construct is a Resource. | | arn_for_local_repository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | from_repository_arn | *No description.* | | from_repository_attributes | Import a repository. | | from_repository_name | *No description.* | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* aws_cdk.core.IConstruct --- ##### \`arn_for_local_repository\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.arn_for_local_repository( repository_name: str, scope: IConstruct, account: str = None ) \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`repository_name\`Required - *Type:* str --- ###### \`scope\`Required - *Type:* constructs.IConstruct --- ###### \`account\`Optional - *Type:* str --- ##### \`from_repository_arn\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_arn( scope: Construct, id: str, repository_arn: str ) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* str --- ###### \`repository_arn\`Required - *Type:* str --- ##### \`from_repository_attributes\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_attributes( scope: Construct, id: str, repository_arn: str, repository_name: str ) \`\`\` Import a repository. ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* str --- ###### \`repository_arn\`Required - *Type:* str --- ###### \`repository_name\`Required - *Type:* str --- ##### \`from_repository_name\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_name( scope: Construct, id: str, repository_name: str ) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* str --- ###### \`repository_name\`Required - *Type:* str --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | env | aws_cdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.core.Stack | The stack in which this resource is defined. | | repository_arn | str | The ARN of the repository. | | repository_name | str | The name of the repository. | | repository_uri | str | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this resource is defined. --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str The ARN of the repository. --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str The name of the repository. --- ##### \`repository_uri\`Required \`\`\`python repository_uri: str \`\`\` - *Type:* str The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase( scope: Construct, id: str, account: str = None, environment_from_arn: str = None, physical_name: str = None, region: str = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | account | str | The AWS account ID this resource belongs to. | | environment_from_arn | str | ARN to deduce region and account from. | | physical_name | str | The value passed in by users to the physical name prop of the resource. | | region | str | The AWS region this resource belongs to. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`account\`Optional - *Type:* str - *Default:* the resource is in the same account as the stack it belongs to The AWS account ID this resource belongs to. --- ##### \`environment_from_arn\`Optional - *Type:* str - *Default:* take environment from \`account\`, \`region\` parameters, or use Stack environment. ARN to deduce region and account from. The ARN is parsed and the account and region are taken from the ARN. This should be used for imported resources. Cannot be supplied together with either \`account\` or \`region\`. --- ##### \`physical_name\`Optional - *Type:* str - *Default:* The physical name will be allocated by CloudFormation at deployment time The value passed in by users to the physical name prop of the resource. \`undefined\` implies that a physical name will be allocated by CloudFormation during deployment. - a concrete value implies a specific physical name - \`PhysicalName.GENERATE_IF_NEEDED\` is a marker that indicates that a physical will only be generated by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation. --- ##### \`region\`Optional - *Type:* str - *Default:* the resource is in the same region as the stack it belongs to The AWS region this resource belongs to. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | | add_to_resource_policy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grant_pull | Grant the given identity permissions to use the images in this repository. | | grant_pull_push | Grant the given identity permissions to pull and push images to this repository. | | on_cloud_trail_event | Define a CloudWatch event that triggers when something happens to this repository. | | on_cloud_trail_image_pushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | on_event | Defines a CloudWatch event rule which triggers for repository events. | | on_image_scan_completed | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repository_uri_for_digest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repository_uri_for_tag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.core.RemovalPolicy --- ##### \`add_to_resource_policy\` \`\`\`python def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* aws_cdk.aws_iam.PolicyStatement --- ##### \`grant\` \`\`\`python def grant( grantee: IGrantable, actions: str ) -> Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ###### \`actions\`Required - *Type:* str --- ##### \`grant_pull\` \`\`\`python def grant_pull( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`grant_pull_push\` \`\`\`python def grant_pull_push( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`on_cloud_trail_event\` \`\`\`python def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_cloud_trail_image_pushed\` \`\`\`python def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tag\`Optional - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ##### \`on_event\` \`\`\`python def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* str --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_image_scan_completed\` \`\`\`python def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tags\`Optional - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ##### \`repository_uri_for_digest\` \`\`\`python def repository_uri_for_digest( digest: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* str Optional image digest. --- ##### \`repository_uri_for_tag\` \`\`\`python def repository_uri_for_tag( tag: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* str Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_resource | Check whether the given construct is a Resource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* aws_cdk.core.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | env | aws_cdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.core.Stack | The stack in which this resource is defined. | | repository_arn | str | The ARN of the repository. | | repository_name | str | The name of the repository. | | repository_uri | str | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this resource is defined. --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str The ARN of the repository. --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str The name of the repository. --- ##### \`repository_uri\`Required \`\`\`python repository_uri: str \`\`\` - *Type:* str The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepositoryProps( repository_catalog_data: typing.Any = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repository_catalog_data | typing.Any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repository_name | str | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`repository_catalog_data\`Optional \`\`\`python repository_catalog_data: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repository_policy_text\`Optional \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`python tags: typing.List[CfnTag] \`\`\` - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicyProps( policy_text: typing.Any ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | policy_text | typing.Any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`policy_text\`Required \`\`\`python policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfigurationProps( replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | replication_configuration | typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`replication_configuration\`Required \`\`\`python replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepositoryProps( encryption_configuration: typing.Any = None, image_scanning_configuration: typing.Any = None, image_tag_mutability: str = None, lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | encryption_configuration | typing.Any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | image_scanning_configuration | typing.Any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | image_tag_mutability | str | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecycle_policy | typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repository_name | str | \`AWS::ECR::Repository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`encryption_configuration\`Optional \`\`\`python encryption_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`image_scanning_configuration\`Optional \`\`\`python image_scanning_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`image_tag_mutability\`Optional \`\`\`python image_tag_mutability: str \`\`\` - *Type:* str \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecycle_policy\`Optional \`\`\`python lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repository_policy_text\`Optional \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`python tags: typing.List[CfnTag] \`\`\` - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty( lifecycle_policy_text: str = None, registry_id: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | lifecycle_policy_text | str | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | registry_id | str | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`lifecycle_policy_text\`Optional \`\`\`python lifecycle_policy_text: str \`\`\` - *Type:* str \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`registry_id\`Optional \`\`\`python registry_id: str \`\`\` - *Type:* str \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.LifecycleRule( description: str = None, max_image_age: Duration = None, max_image_count: typing.Union[int, float] = None, rule_priority: typing.Union[int, float] = None, tag_prefix_list: typing.List[str] = None, tag_status: TagStatus = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | str | Describes the purpose of the rule. | | max_image_age | aws_cdk.core.Duration | The maximum age of images to retain. The value must represent a number of days. | | max_image_count | typing.Union[int, float] | The maximum number of images to retain. | | rule_priority | typing.Union[int, float] | Controls the order in which rules are evaluated (low to high). | | tag_prefix_list | typing.List[str] | Select images that have ALL the given prefixes in their tag. | | tag_status | TagStatus | Select images based on tags. | --- ##### \`description\`Optional \`\`\`python description: str \`\`\` - *Type:* str - *Default:* No description Describes the purpose of the rule. --- ##### \`max_image_age\`Optional \`\`\`python max_image_age: Duration \`\`\` - *Type:* aws_cdk.core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`max_image_count\`Optional \`\`\`python max_image_count: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`rule_priority\`Optional \`\`\`python rule_priority: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`tag_prefix_list\`Optional \`\`\`python tag_prefix_list: typing.List[str] \`\`\` - *Type:* typing.List[str] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`tag_status\`Optional \`\`\`python tag_status: TagStatus \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions( description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | str | A description of the rule's purpose. | | event_pattern | aws_cdk.aws_events.EventPattern | Additional restrictions for the event to route to the specified target. | | rule_name | str | A name for the rule. | | target | aws_cdk.aws_events.IRuleTarget | The target to register for the event. | | image_tag | str | Only watch changes to this image tag. | --- ##### \`description\`Optional \`\`\`python description: str \`\`\` - *Type:* str - *Default:* No description A description of the rule's purpose. --- ##### \`event_pattern\`Optional \`\`\`python event_pattern: EventPattern \`\`\` - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`rule_name\`Optional \`\`\`python rule_name: str \`\`\` - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`python target: IRuleTarget \`\`\` - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`image_tag\`Optional \`\`\`python image_tag: str \`\`\` - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.OnImageScanCompletedOptions( description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | str | A description of the rule's purpose. | | event_pattern | aws_cdk.aws_events.EventPattern | Additional restrictions for the event to route to the specified target. | | rule_name | str | A name for the rule. | | target | aws_cdk.aws_events.IRuleTarget | The target to register for the event. | | image_tags | typing.List[str] | Only watch changes to the image tags spedified. | --- ##### \`description\`Optional \`\`\`python description: str \`\`\` - *Type:* str - *Default:* No description A description of the rule's purpose. --- ##### \`event_pattern\`Optional \`\`\`python event_pattern: EventPattern \`\`\` - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`rule_name\`Optional \`\`\`python rule_name: str \`\`\` - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`python target: IRuleTarget \`\`\` - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`image_tags\`Optional \`\`\`python image_tags: typing.List[str] \`\`\` - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty( rules: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationRuleProperty]]] ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | rules | typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationRuleProperty]]] | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`rules\`Required \`\`\`python rules: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationRuleProperty]]] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationRuleProperty]]] \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty( region: str, registry_id: str ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | region | str | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | registry_id | str | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`region\`Required \`\`\`python region: str \`\`\` - *Type:* str \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`registry_id\`Required \`\`\`python registry_id: str \`\`\` - *Type:* str \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty( destinations: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationDestinationProperty]]] ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | destinations | typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationDestinationProperty]]] | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`destinations\`Required \`\`\`python destinations: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationDestinationProperty]]] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationDestinationProperty]]] \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryAttributes( repository_arn: str, repository_name: str ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repository_arn | str | *No description.* | | repository_name | str | *No description.* | --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str --- ### RepositoryProps #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryProps( image_scan_on_push: bool = None, image_tag_mutability: TagMutability = None, lifecycle_registry_id: str = None, lifecycle_rules: typing.List[LifecycleRule] = None, removal_policy: RemovalPolicy = None, repository_name: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | image_scan_on_push | bool | Enable the scan on push when creating the repository. | | image_tag_mutability | TagMutability | The tag mutability setting for the repository. | | lifecycle_registry_id | str | The AWS account ID associated with the registry that contains the repository. | | lifecycle_rules | typing.List[LifecycleRule] | Life cycle rules to apply to this registry. | | removal_policy | aws_cdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repository_name | str | Name for this repository. | --- ##### \`image_scan_on_push\`Optional \`\`\`python image_scan_on_push: bool \`\`\` - *Type:* bool - *Default:* false Enable the scan on push when creating the repository. --- ##### \`image_tag_mutability\`Optional \`\`\`python image_tag_mutability: TagMutability \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycle_registry_id\`Optional \`\`\`python lifecycle_registry_id: str \`\`\` - *Type:* str - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycle_rules\`Optional \`\`\`python lifecycle_rules: typing.List[LifecycleRule] \`\`\` - *Type:* typing.List[LifecycleRule] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removal_policy\`Optional \`\`\`python removal_policy: RemovalPolicy \`\`\` - *Type:* aws_cdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | grant_read | Grant access to retrieve an authorization token. | --- ##### \`grant_read\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.AuthorizationToken.grant_read( grantee: IGrantable ) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | grant_read | Grant access to retrieve an authorization token. | --- ##### \`grant_read\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.PublicGalleryAuthorizationToken.grant_read( grantee: IGrantable ) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ## Protocols ### IRepository - *Extends:* aws_cdk.core.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | add_to_resource_policy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grant_pull | Grant the given identity permissions to pull images in this repository. | | grant_pull_push | Grant the given identity permissions to pull and push images to this repository. | | on_cloud_trail_event | Define a CloudWatch event that triggers when something happens to this repository. | | on_cloud_trail_image_pushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | on_event | Defines a CloudWatch event rule which triggers for repository events. | | on_image_scan_completed | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | repository_uri_for_digest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | repository_uri_for_tag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`add_to_resource_policy\` \`\`\`python def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* aws_cdk.aws_iam.PolicyStatement --- ##### \`grant\` \`\`\`python def grant( grantee: IGrantable, actions: str ) -> Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ###### \`actions\`Required - *Type:* str --- ##### \`grant_pull\` \`\`\`python def grant_pull( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`grant_pull_push\` \`\`\`python def grant_pull_push( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`on_cloud_trail_event\` \`\`\`python def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_cloud_trail_image_pushed\` \`\`\`python def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tag\`Optional - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ##### \`on_event\` \`\`\`python def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* str --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_image_scan_completed\` \`\`\`python def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tags\`Optional - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ##### \`repository_uri_for_digest\` \`\`\`python def repository_uri_for_digest( digest: str = None ) -> str \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* str Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`repository_uri_for_tag\` \`\`\`python def repository_uri_for_tag( tag: str = None ) -> str \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* str Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node for this construct. | | env | aws_cdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.core.Stack | The stack in which this resource is defined. | | repository_arn | str | The ARN of the repository. | | repository_name | str | The name of the repository. | | repository_uri | str | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this resource is defined. --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str The ARN of the repository. --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str The name of the repository. --- ##### \`repository_uri\`Required \`\`\`python repository_uri: str \`\`\` - *Type:* str The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`python snapshot - root module 1`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository = ecr.Repository(self, "Repository") \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository = ecr.Repository(stack, "Repo", image_scan_on_push=True ) \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository.on_image_scan_completed("ImageScanComplete").add_target(...) \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. import aws_cdk.aws_iam as iam import aws_cdk.aws_ecr as ecr user = iam.User(self, "User", ...) ecr.AuthorizationToken.grant_read(user) \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. import aws_cdk.aws_iam as iam import aws_cdk.aws_ecr as ecr user = iam.User(self, "User", ...) ecr.PublicGalleryAuthorizationToken.grant_read(user) \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`python # Example automatically generated from non-compiling source. May contain errors. ecr.Repository(stack, "Repo", image_tag_mutability=ecr.TagMutability.IMMUTABLE) \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`python # Example automatically generated from non-compiling source. May contain errors. repository.add_lifecycle_rule(tag_prefix_list=["prod"], max_image_count=9999) repository.add_lifecycle_rule(max_image_age=cdk.Duration.days(30)) \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository( scope: Construct, id: str, repository_catalog_data: typing.Any = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | repository_catalog_data | typing.Any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repository_name | str | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`repository_catalog_data\`Optional - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repository_name\`Optional - *Type:* str \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repository_policy_text\`Optional - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepository.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | tags | aws_cdk.core.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | repository_catalog_data | typing.Any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repository_policy_text | typing.Any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | repository_name | str | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.core.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`repository_catalog_data\`Required \`\`\`python repository_catalog_data: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repository_policy_text\`Required \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy( scope: Construct, id: str, policy_text: typing.Any ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | policy_text | typing.Any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`policy_text\`Required - *Type:* typing.Any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicy.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_registry_id | str | *No description.* | | policy_text | typing.Any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_registry_id\`Required \`\`\`python attr_registry_id: str \`\`\` - *Type:* str --- ##### \`policy_text\`Required \`\`\`python policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration( scope: Construct, id: str, replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | replication_configuration | typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`replication_configuration\`Required - *Type:* typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_registry_id | str | *No description.* | | replication_configuration | typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_registry_id\`Required \`\`\`python attr_registry_id: str \`\`\` - *Type:* str --- ##### \`replication_configuration\`Required \`\`\`python replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* aws_cdk.core.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository( scope: Construct, id: str, encryption_configuration: typing.Any = None, image_scanning_configuration: typing.Any = None, image_tag_mutability: str = None, lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | aws_cdk.core.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | encryption_configuration | typing.Any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | image_scanning_configuration | typing.Any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | image_tag_mutability | str | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecycle_policy | typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repository_name | str | \`AWS::ECR::Repository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`scope\`Required - *Type:* aws_cdk.core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`encryption_configuration\`Optional - *Type:* typing.Any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`image_scanning_configuration\`Optional - *Type:* typing.Any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`image_tag_mutability\`Optional - *Type:* str \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecycle_policy\`Optional - *Type:* typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repository_name\`Optional - *Type:* str \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repository_policy_text\`Optional - *Type:* typing.Any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.core.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_element\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.core.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | attr_repository_uri | str | *No description.* | | tags | aws_cdk.core.TagManager | \`AWS::ECR::Repository.Tags\`. | | encryption_configuration | typing.Any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | image_scanning_configuration | typing.Any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | repository_policy_text | typing.Any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | image_tag_mutability | str | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecycle_policy | typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repository_name | str | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`attr_repository_uri\`Required \`\`\`python attr_repository_uri: str \`\`\` - *Type:* str --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.core.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`encryption_configuration\`Required \`\`\`python encryption_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`image_scanning_configuration\`Required \`\`\`python image_scanning_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`repository_policy_text\`Required \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`image_tag_mutability\`Optional \`\`\`python image_tag_mutability: str \`\`\` - *Type:* str \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecycle_policy\`Optional \`\`\`python lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository( scope: Construct, id: str, image_scan_on_push: bool = None, image_tag_mutability: TagMutability = None, lifecycle_registry_id: str = None, lifecycle_rules: typing.List[LifecycleRule] = None, removal_policy: RemovalPolicy = None, repository_name: str = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | image_scan_on_push | bool | Enable the scan on push when creating the repository. | | image_tag_mutability | TagMutability | The tag mutability setting for the repository. | | lifecycle_registry_id | str | The AWS account ID associated with the registry that contains the repository. | | lifecycle_rules | typing.List[LifecycleRule] | Life cycle rules to apply to this registry. | | removal_policy | aws_cdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repository_name | str | Name for this repository. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`image_scan_on_push\`Optional - *Type:* bool - *Default:* false Enable the scan on push when creating the repository. --- ##### \`image_tag_mutability\`Optional - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycle_registry_id\`Optional - *Type:* str - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycle_rules\`Optional - *Type:* typing.List[LifecycleRule] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removal_policy\`Optional - *Type:* aws_cdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repository_name\`Optional - *Type:* str - *Default:* Automatically generated name. Name for this repository. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | | add_to_resource_policy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grant_pull | Grant the given identity permissions to use the images in this repository. | | grant_pull_push | Grant the given identity permissions to pull and push images to this repository. | | on_cloud_trail_event | Define a CloudWatch event that triggers when something happens to this repository. | | on_cloud_trail_image_pushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | on_event | Defines a CloudWatch event rule which triggers for repository events. | | on_image_scan_completed | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repository_uri_for_digest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repository_uri_for_tag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | add_lifecycle_rule | Add a life cycle rule to the repository. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.core.RemovalPolicy --- ##### \`add_to_resource_policy\` \`\`\`python def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* aws_cdk.aws_iam.PolicyStatement --- ##### \`grant\` \`\`\`python def grant( grantee: IGrantable, actions: str ) -> Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ###### \`actions\`Required - *Type:* str --- ##### \`grant_pull\` \`\`\`python def grant_pull( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`grant_pull_push\` \`\`\`python def grant_pull_push( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`on_cloud_trail_event\` \`\`\`python def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_cloud_trail_image_pushed\` \`\`\`python def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tag\`Optional - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ##### \`on_event\` \`\`\`python def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* str --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_image_scan_completed\` \`\`\`python def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tags\`Optional - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ##### \`repository_uri_for_digest\` \`\`\`python def repository_uri_for_digest( digest: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* str Optional image digest. --- ##### \`repository_uri_for_tag\` \`\`\`python def repository_uri_for_tag( tag: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* str Optional image tag. --- ##### \`add_lifecycle_rule\` \`\`\`python def add_lifecycle_rule( description: str = None, max_image_age: Duration = None, max_image_count: typing.Union[int, float] = None, rule_priority: typing.Union[int, float] = None, tag_prefix_list: typing.List[str] = None, tag_status: TagStatus = None ) -> None \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`description\`Optional - *Type:* str - *Default:* No description Describes the purpose of the rule. --- ###### \`max_image_age\`Optional - *Type:* aws_cdk.core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ###### \`max_image_count\`Optional - *Type:* typing.Union[int, float] The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ###### \`rule_priority\`Optional - *Type:* typing.Union[int, float] - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ###### \`tag_prefix_list\`Optional - *Type:* typing.List[str] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ###### \`tag_status\`Optional - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_resource | Check whether the given construct is a Resource. | | arn_for_local_repository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | from_repository_arn | *No description.* | | from_repository_attributes | Import a repository. | | from_repository_name | *No description.* | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* aws_cdk.core.IConstruct --- ##### \`arn_for_local_repository\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.arn_for_local_repository( repository_name: str, scope: IConstruct, account: str = None ) \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`repository_name\`Required - *Type:* str --- ###### \`scope\`Required - *Type:* constructs.IConstruct --- ###### \`account\`Optional - *Type:* str --- ##### \`from_repository_arn\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_arn( scope: Construct, id: str, repository_arn: str ) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* str --- ###### \`repository_arn\`Required - *Type:* str --- ##### \`from_repository_attributes\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_attributes( scope: Construct, id: str, repository_arn: str, repository_name: str ) \`\`\` Import a repository. ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* str --- ###### \`repository_arn\`Required - *Type:* str --- ###### \`repository_name\`Required - *Type:* str --- ##### \`from_repository_name\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.Repository.from_repository_name( scope: Construct, id: str, repository_name: str ) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* str --- ###### \`repository_name\`Required - *Type:* str --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | env | aws_cdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.core.Stack | The stack in which this resource is defined. | | repository_arn | str | The ARN of the repository. | | repository_name | str | The name of the repository. | | repository_uri | str | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this resource is defined. --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str The ARN of the repository. --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str The name of the repository. --- ##### \`repository_uri\`Required \`\`\`python repository_uri: str \`\`\` - *Type:* str The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase( scope: Construct, id: str, account: str = None, environment_from_arn: str = None, physical_name: str = None, region: str = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | account | str | The AWS account ID this resource belongs to. | | environment_from_arn | str | ARN to deduce region and account from. | | physical_name | str | The value passed in by users to the physical name prop of the resource. | | region | str | The AWS region this resource belongs to. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`account\`Optional - *Type:* str - *Default:* the resource is in the same account as the stack it belongs to The AWS account ID this resource belongs to. --- ##### \`environment_from_arn\`Optional - *Type:* str - *Default:* take environment from \`account\`, \`region\` parameters, or use Stack environment. ARN to deduce region and account from. The ARN is parsed and the account and region are taken from the ARN. This should be used for imported resources. Cannot be supplied together with either \`account\` or \`region\`. --- ##### \`physical_name\`Optional - *Type:* str - *Default:* The physical name will be allocated by CloudFormation at deployment time The value passed in by users to the physical name prop of the resource. \`undefined\` implies that a physical name will be allocated by CloudFormation during deployment. - a concrete value implies a specific physical name - \`PhysicalName.GENERATE_IF_NEEDED\` is a marker that indicates that a physical will only be generated by the CDK if it is needed for cross-environment references. Otherwise, it will be allocated by CloudFormation. --- ##### \`region\`Optional - *Type:* str - *Default:* the resource is in the same region as the stack it belongs to The AWS region this resource belongs to. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | | add_to_resource_policy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grant_pull | Grant the given identity permissions to use the images in this repository. | | grant_pull_push | Grant the given identity permissions to pull and push images to this repository. | | on_cloud_trail_event | Define a CloudWatch event that triggers when something happens to this repository. | | on_cloud_trail_image_pushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | on_event | Defines a CloudWatch event rule which triggers for repository events. | | on_image_scan_completed | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repository_uri_for_digest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repository_uri_for_tag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.core.RemovalPolicy --- ##### \`add_to_resource_policy\` \`\`\`python def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* aws_cdk.aws_iam.PolicyStatement --- ##### \`grant\` \`\`\`python def grant( grantee: IGrantable, actions: str ) -> Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ###### \`actions\`Required - *Type:* str --- ##### \`grant_pull\` \`\`\`python def grant_pull( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`grant_pull_push\` \`\`\`python def grant_pull_push( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`on_cloud_trail_event\` \`\`\`python def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_cloud_trail_image_pushed\` \`\`\`python def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tag\`Optional - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ##### \`on_event\` \`\`\`python def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* str --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_image_scan_completed\` \`\`\`python def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tags\`Optional - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ##### \`repository_uri_for_digest\` \`\`\`python def repository_uri_for_digest( digest: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* str Optional image digest. --- ##### \`repository_uri_for_tag\` \`\`\`python def repository_uri_for_tag( tag: str = None ) -> str \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* str Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Return whether the given object is a Construct. | | is_resource | Check whether the given construct is a Resource. | --- ##### \`is_construct\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase.is_construct( x: typing.Any ) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_resource\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryBase.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* aws_cdk.core.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node associated with this construct. | | env | aws_cdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.core.Stack | The stack in which this resource is defined. | | repository_arn | str | The ARN of the repository. | | repository_name | str | The name of the repository. | | repository_uri | str | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this resource is defined. --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str The ARN of the repository. --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str The name of the repository. --- ##### \`repository_uri\`Required \`\`\`python repository_uri: str \`\`\` - *Type:* str The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnPublicRepositoryProps( repository_catalog_data: typing.Any = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repository_catalog_data | typing.Any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repository_name | str | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`repository_catalog_data\`Optional \`\`\`python repository_catalog_data: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repository_policy_text\`Optional \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`python tags: typing.List[CfnTag] \`\`\` - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRegistryPolicyProps( policy_text: typing.Any ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | policy_text | typing.Any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`policy_text\`Required \`\`\`python policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfigurationProps( replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | replication_configuration | typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`replication_configuration\`Required \`\`\`python replication_configuration: typing.Union[IResolvable, ReplicationConfigurationProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, ReplicationConfigurationProperty] \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepositoryProps( encryption_configuration: typing.Any = None, image_scanning_configuration: typing.Any = None, image_tag_mutability: str = None, lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] = None, repository_name: str = None, repository_policy_text: typing.Any = None, tags: typing.List[CfnTag] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | encryption_configuration | typing.Any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | image_scanning_configuration | typing.Any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | image_tag_mutability | str | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecycle_policy | typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repository_name | str | \`AWS::ECR::Repository.RepositoryName\`. | | repository_policy_text | typing.Any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | typing.List[aws_cdk.core.CfnTag] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`encryption_configuration\`Optional \`\`\`python encryption_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`image_scanning_configuration\`Optional \`\`\`python image_scanning_configuration: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`image_tag_mutability\`Optional \`\`\`python image_tag_mutability: str \`\`\` - *Type:* str \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecycle_policy\`Optional \`\`\`python lifecycle_policy: typing.Union[IResolvable, LifecyclePolicyProperty] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, LifecyclePolicyProperty] \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repository_policy_text\`Optional \`\`\`python repository_policy_text: typing.Any \`\`\` - *Type:* typing.Any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`python tags: typing.List[CfnTag] \`\`\` - *Type:* typing.List[aws_cdk.core.CfnTag] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnRepository.LifecyclePolicyProperty( lifecycle_policy_text: str = None, registry_id: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | lifecycle_policy_text | str | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | registry_id | str | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`lifecycle_policy_text\`Optional \`\`\`python lifecycle_policy_text: str \`\`\` - *Type:* str \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`registry_id\`Optional \`\`\`python registry_id: str \`\`\` - *Type:* str \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.LifecycleRule( description: str = None, max_image_age: Duration = None, max_image_count: typing.Union[int, float] = None, rule_priority: typing.Union[int, float] = None, tag_prefix_list: typing.List[str] = None, tag_status: TagStatus = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | str | Describes the purpose of the rule. | | max_image_age | aws_cdk.core.Duration | The maximum age of images to retain. The value must represent a number of days. | | max_image_count | typing.Union[int, float] | The maximum number of images to retain. | | rule_priority | typing.Union[int, float] | Controls the order in which rules are evaluated (low to high). | | tag_prefix_list | typing.List[str] | Select images that have ALL the given prefixes in their tag. | | tag_status | TagStatus | Select images based on tags. | --- ##### \`description\`Optional \`\`\`python description: str \`\`\` - *Type:* str - *Default:* No description Describes the purpose of the rule. --- ##### \`max_image_age\`Optional \`\`\`python max_image_age: Duration \`\`\` - *Type:* aws_cdk.core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`max_image_count\`Optional \`\`\`python max_image_count: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`rule_priority\`Optional \`\`\`python rule_priority: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`tag_prefix_list\`Optional \`\`\`python tag_prefix_list: typing.List[str] \`\`\` - *Type:* typing.List[str] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`tag_status\`Optional \`\`\`python tag_status: TagStatus \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.OnCloudTrailImagePushedOptions( description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | str | A description of the rule's purpose. | | event_pattern | aws_cdk.aws_events.EventPattern | Additional restrictions for the event to route to the specified target. | | rule_name | str | A name for the rule. | | target | aws_cdk.aws_events.IRuleTarget | The target to register for the event. | | image_tag | str | Only watch changes to this image tag. | --- ##### \`description\`Optional \`\`\`python description: str \`\`\` - *Type:* str - *Default:* No description A description of the rule's purpose. --- ##### \`event_pattern\`Optional \`\`\`python event_pattern: EventPattern \`\`\` - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`rule_name\`Optional \`\`\`python rule_name: str \`\`\` - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`python target: IRuleTarget \`\`\` - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`image_tag\`Optional \`\`\`python image_tag: str \`\`\` - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.OnImageScanCompletedOptions( description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | str | A description of the rule's purpose. | | event_pattern | aws_cdk.aws_events.EventPattern | Additional restrictions for the event to route to the specified target. | | rule_name | str | A name for the rule. | | target | aws_cdk.aws_events.IRuleTarget | The target to register for the event. | | image_tags | typing.List[str] | Only watch changes to the image tags spedified. | --- ##### \`description\`Optional \`\`\`python description: str \`\`\` - *Type:* str - *Default:* No description A description of the rule's purpose. --- ##### \`event_pattern\`Optional \`\`\`python event_pattern: EventPattern \`\`\` - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`rule_name\`Optional \`\`\`python rule_name: str \`\`\` - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`python target: IRuleTarget \`\`\` - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`image_tags\`Optional \`\`\`python image_tags: typing.List[str] \`\`\` - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationConfigurationProperty( rules: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationRuleProperty]]] ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | rules | typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationRuleProperty]]] | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`rules\`Required \`\`\`python rules: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationRuleProperty]]] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationRuleProperty]]] \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationDestinationProperty( region: str, registry_id: str ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | region | str | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | registry_id | str | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`region\`Required \`\`\`python region: str \`\`\` - *Type:* str \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`registry_id\`Required \`\`\`python registry_id: str \`\`\` - *Type:* str \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.CfnReplicationConfiguration.ReplicationRuleProperty( destinations: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationDestinationProperty]]] ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | destinations | typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationDestinationProperty]]] | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`destinations\`Required \`\`\`python destinations: typing.Union[IResolvable, typing.List[typing.Union[IResolvable, ReplicationDestinationProperty]]] \`\`\` - *Type:* typing.Union[aws_cdk.core.IResolvable, typing.List[typing.Union[aws_cdk.core.IResolvable, ReplicationDestinationProperty]]] \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryAttributes( repository_arn: str, repository_name: str ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repository_arn | str | *No description.* | | repository_name | str | *No description.* | --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str --- ### RepositoryProps #### Initializer \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.RepositoryProps( image_scan_on_push: bool = None, image_tag_mutability: TagMutability = None, lifecycle_registry_id: str = None, lifecycle_rules: typing.List[LifecycleRule] = None, removal_policy: RemovalPolicy = None, repository_name: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | image_scan_on_push | bool | Enable the scan on push when creating the repository. | | image_tag_mutability | TagMutability | The tag mutability setting for the repository. | | lifecycle_registry_id | str | The AWS account ID associated with the registry that contains the repository. | | lifecycle_rules | typing.List[LifecycleRule] | Life cycle rules to apply to this registry. | | removal_policy | aws_cdk.core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repository_name | str | Name for this repository. | --- ##### \`image_scan_on_push\`Optional \`\`\`python image_scan_on_push: bool \`\`\` - *Type:* bool - *Default:* false Enable the scan on push when creating the repository. --- ##### \`image_tag_mutability\`Optional \`\`\`python image_tag_mutability: TagMutability \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycle_registry_id\`Optional \`\`\`python lifecycle_registry_id: str \`\`\` - *Type:* str - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycle_rules\`Optional \`\`\`python lifecycle_rules: typing.List[LifecycleRule] \`\`\` - *Type:* typing.List[LifecycleRule] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removal_policy\`Optional \`\`\`python removal_policy: RemovalPolicy \`\`\` - *Type:* aws_cdk.core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repository_name\`Optional \`\`\`python repository_name: str \`\`\` - *Type:* str - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | grant_read | Grant access to retrieve an authorization token. | --- ##### \`grant_read\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.AuthorizationToken.grant_read( grantee: IGrantable ) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | grant_read | Grant access to retrieve an authorization token. | --- ##### \`grant_read\` \`\`\`python import aws_cdk.aws_ecr aws_cdk.aws_ecr.PublicGalleryAuthorizationToken.grant_read( grantee: IGrantable ) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ## Protocols ### IRepository - *Extends:* aws_cdk.core.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | add_to_resource_policy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grant_pull | Grant the given identity permissions to pull images in this repository. | | grant_pull_push | Grant the given identity permissions to pull and push images to this repository. | | on_cloud_trail_event | Define a CloudWatch event that triggers when something happens to this repository. | | on_cloud_trail_image_pushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | on_event | Defines a CloudWatch event rule which triggers for repository events. | | on_image_scan_completed | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | repository_uri_for_digest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | repository_uri_for_tag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`add_to_resource_policy\` \`\`\`python def add_to_resource_policy( statement: PolicyStatement ) -> AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* aws_cdk.aws_iam.PolicyStatement --- ##### \`grant\` \`\`\`python def grant( grantee: IGrantable, actions: str ) -> Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ###### \`actions\`Required - *Type:* str --- ##### \`grant_pull\` \`\`\`python def grant_pull( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`grant_pull_push\` \`\`\`python def grant_pull_push( grantee: IGrantable ) -> Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* aws_cdk.aws_iam.IGrantable --- ##### \`on_cloud_trail_event\` \`\`\`python def on_cloud_trail_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_cloud_trail_image_pushed\` \`\`\`python def on_cloud_trail_image_pushed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tag: str = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tag\`Optional - *Type:* str - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ##### \`on_event\` \`\`\`python def on_event( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None ) -> Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* str --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`on_image_scan_completed\` \`\`\`python def on_image_scan_completed( id: str, description: str = None, event_pattern: EventPattern = None, rule_name: str = None, target: IRuleTarget = None, image_tags: typing.List[str] = None ) -> Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`id\`Required - *Type:* str The id of the rule. --- ###### \`description\`Optional - *Type:* str - *Default:* No description A description of the rule's purpose. --- ###### \`event_pattern\`Optional - *Type:* aws_cdk.aws_events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ###### \`rule_name\`Optional - *Type:* str - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ###### \`target\`Optional - *Type:* aws_cdk.aws_events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ###### \`image_tags\`Optional - *Type:* typing.List[str] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ##### \`repository_uri_for_digest\` \`\`\`python def repository_uri_for_digest( digest: str = None ) -> str \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* str Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`repository_uri_for_tag\` \`\`\`python def repository_uri_for_tag( tag: str = None ) -> str \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* str Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | aws_cdk.core.ConstructNode | The construct tree node for this construct. | | env | aws_cdk.core.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.core.Stack | The stack in which this resource is defined. | | repository_arn | str | The ARN of the repository. | | repository_name | str | The name of the repository. | | repository_uri | str | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`python node: ConstructNode \`\`\` - *Type:* aws_cdk.core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.core.Stack The stack in which this resource is defined. --- ##### \`repository_arn\`Required \`\`\`python repository_arn: str \`\`\` - *Type:* str The ARN of the repository. --- ##### \`repository_name\`Required \`\`\`python repository_name: str \`\`\` - *Type:* str The name of the repository. --- ##### \`repository_uri\`Required \`\`\`python repository_uri: str \`\`\` - *Type:* str The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`python snapshot - submodules 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.AwsAuth( scope: Construct, id: str, cluster: Cluster ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`cluster\`Required - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | add_account | Additional AWS account to add to the aws-auth configmap. | | add_masters_role | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | add_role_mapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | add_user_mapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`add_account\` \`\`\`python def add_account( account_id: str ) -> None \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`account_id\`Required - *Type:* str account number. --- ##### \`add_masters_role\` \`\`\`python def add_masters_role( role: IRole, username: str = None ) -> None \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`role\`Required - *Type:* aws_cdk.aws_iam.IRole The IAM role to add. --- ###### \`username\`Optional - *Type:* str Optional user (defaults to the role ARN). --- ##### \`add_role_mapping\` \`\`\`python def add_role_mapping( role: IRole, groups: typing.List[str], username: str = None ) -> None \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`role\`Required - *Type:* aws_cdk.aws_iam.IRole The IAM role to map. --- ###### \`groups\`Required - *Type:* typing.List[str] A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ###### \`username\`Optional - *Type:* str - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ##### \`add_user_mapping\` \`\`\`python def add_user_mapping( user: IUser, groups: typing.List[str], username: str = None ) -> None \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`user\`Required - *Type:* aws_cdk.aws_iam.IUser The IAM user to map. --- ###### \`groups\`Required - *Type:* typing.List[str] A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ###### \`username\`Optional - *Type:* str - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.AwsAuth.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ### CfnAddon - *Implements:* aws_cdk.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.CfnAddon( scope: Construct, id: str, addon_name: str, cluster_name: str, addon_version: str = None, resolve_conflicts: str = None, service_account_role_arn: str = None, tags: typing.List[CfnTag] = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | addon_name | str | \`AWS::EKS::Addon.AddonName\`. | | cluster_name | str | \`AWS::EKS::Addon.ClusterName\`. | | addon_version | str | \`AWS::EKS::Addon.AddonVersion\`. | | resolve_conflicts | str | \`AWS::EKS::Addon.ResolveConflicts\`. | | service_account_role_arn | str | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | tags | typing.List[aws_cdk.CfnTag] | \`AWS::EKS::Addon.Tags\`. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`addon_name\`Required - *Type:* str \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`cluster_name\`Required - *Type:* str \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addon_version\`Optional - *Type:* str \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolve_conflicts\`Optional - *Type:* str \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`service_account_role_arn\`Optional - *Type:* str \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`tags\`Optional - *Type:* typing.List[aws_cdk.CfnTag] \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`python # Example automatically generated from non-compiling source. May contain errors. cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE") \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.CfnAddon.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_cfn_element\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnAddon.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnAddon.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | tags | aws_cdk.TagManager | \`AWS::EKS::Addon.Tags\`. | | addon_name | str | \`AWS::EKS::Addon.AddonName\`. | | cluster_name | str | \`AWS::EKS::Addon.ClusterName\`. | | addon_version | str | \`AWS::EKS::Addon.AddonVersion\`. | | resolve_conflicts | str | \`AWS::EKS::Addon.ResolveConflicts\`. | | service_account_role_arn | str | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`addon_name\`Required \`\`\`python addon_name: str \`\`\` - *Type:* str \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addon_version\`Optional \`\`\`python addon_version: str \`\`\` - *Type:* str \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolve_conflicts\`Optional \`\`\`python resolve_conflicts: str \`\`\` - *Type:* str \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`service_account_role_arn\`Optional \`\`\`python service_account_role_arn: str \`\`\` - *Type:* str \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* aws_cdk.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster( scope: Construct, id: str, resources_vpc_config: typing.Union[ResourcesVpcConfigProperty, IResolvable], role_arn: str, encryption_config: typing.Union[IResolvable, typing.List[typing.Union[EncryptionConfigProperty, IResolvable]]] = None, kubernetes_network_config: typing.Union[KubernetesNetworkConfigProperty, IResolvable] = None, name: str = None, version: str = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | resources_vpc_config | typing.Union[ResourcesVpcConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | role_arn | str | \`AWS::EKS::Cluster.RoleArn\`. | | encryption_config | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[EncryptionConfigProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetes_network_config | typing.Union[KubernetesNetworkConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | str | \`AWS::EKS::Cluster.Name\`. | | version | str | \`AWS::EKS::Cluster.Version\`. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`resources_vpc_config\`Required - *Type:* typing.Union[ResourcesVpcConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`role_arn\`Required - *Type:* str \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryption_config\`Optional - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[EncryptionConfigProperty, aws_cdk.IResolvable]]] \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetes_network_config\`Optional - *Type:* typing.Union[KubernetesNetworkConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional - *Type:* str \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional - *Type:* str \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`python # Example automatically generated from non-compiling source. May contain errors. cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE") \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_cfn_element\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | attr_certificate_authority_data | str | *No description.* | | attr_cluster_security_group_id | str | *No description.* | | attr_encryption_config_key_arn | str | *No description.* | | attr_endpoint | str | *No description.* | | attr_open_id_connect_issuer_url | str | *No description.* | | resources_vpc_config | typing.Union[ResourcesVpcConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | role_arn | str | \`AWS::EKS::Cluster.RoleArn\`. | | encryption_config | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[EncryptionConfigProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetes_network_config | typing.Union[KubernetesNetworkConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | str | \`AWS::EKS::Cluster.Name\`. | | version | str | \`AWS::EKS::Cluster.Version\`. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`attr_certificate_authority_data\`Required \`\`\`python attr_certificate_authority_data: str \`\`\` - *Type:* str --- ##### \`attr_cluster_security_group_id\`Required \`\`\`python attr_cluster_security_group_id: str \`\`\` - *Type:* str --- ##### \`attr_encryption_config_key_arn\`Required \`\`\`python attr_encryption_config_key_arn: str \`\`\` - *Type:* str --- ##### \`attr_endpoint\`Required \`\`\`python attr_endpoint: str \`\`\` - *Type:* str --- ##### \`attr_open_id_connect_issuer_url\`Required \`\`\`python attr_open_id_connect_issuer_url: str \`\`\` - *Type:* str --- ##### \`resources_vpc_config\`Required \`\`\`python resources_vpc_config: typing.Union[ResourcesVpcConfigProperty, IResolvable] \`\`\` - *Type:* typing.Union[ResourcesVpcConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`role_arn\`Required \`\`\`python role_arn: str \`\`\` - *Type:* str \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryption_config\`Optional \`\`\`python encryption_config: typing.Union[IResolvable, typing.List[typing.Union[EncryptionConfigProperty, IResolvable]]] \`\`\` - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[EncryptionConfigProperty, aws_cdk.IResolvable]]] \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetes_network_config\`Optional \`\`\`python kubernetes_network_config: typing.Union[KubernetesNetworkConfigProperty, IResolvable] \`\`\` - *Type:* typing.Union[KubernetesNetworkConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`python name: str \`\`\` - *Type:* str \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* aws_cdk.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.CfnFargateProfile( scope: Construct, id: str, cluster_name: str, pod_execution_role_arn: str, selectors: typing.Union[IResolvable, typing.List[typing.Union[SelectorProperty, IResolvable]]], fargate_profile_name: str = None, subnets: typing.List[str] = None, tags: typing.List[CfnTag] = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | cluster_name | str | \`AWS::EKS::FargateProfile.ClusterName\`. | | pod_execution_role_arn | str | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[SelectorProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::FargateProfile.Selectors\`. | | fargate_profile_name | str | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | typing.List[str] | \`AWS::EKS::FargateProfile.Subnets\`. | | tags | typing.List[aws_cdk.CfnTag] | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`cluster_name\`Required - *Type:* str \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`pod_execution_role_arn\`Required - *Type:* str \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[SelectorProperty, aws_cdk.IResolvable]]] \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargate_profile_name\`Optional - *Type:* str \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional - *Type:* typing.List[str] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`tags\`Optional - *Type:* typing.List[aws_cdk.CfnTag] \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`python # Example automatically generated from non-compiling source. May contain errors. cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE") \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.CfnFargateProfile.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_cfn_element\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnFargateProfile.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnFargateProfile.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | tags | aws_cdk.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | cluster_name | str | \`AWS::EKS::FargateProfile.ClusterName\`. | | pod_execution_role_arn | str | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[SelectorProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::FargateProfile.Selectors\`. | | fargate_profile_name | str | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | typing.List[str] | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`pod_execution_role_arn\`Required \`\`\`python pod_execution_role_arn: str \`\`\` - *Type:* str \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`python selectors: typing.Union[IResolvable, typing.List[typing.Union[SelectorProperty, IResolvable]]] \`\`\` - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[SelectorProperty, aws_cdk.IResolvable]]] \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargate_profile_name\`Optional \`\`\`python fargate_profile_name: str \`\`\` - *Type:* str \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`python subnets: typing.List[str] \`\`\` - *Type:* typing.List[str] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* aws_cdk.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup( scope: Construct, id: str, cluster_name: str, node_role: str, subnets: typing.List[str], ami_type: str = None, capacity_type: str = None, disk_size: typing.Union[int, float] = None, force_update_enabled: typing.Union[bool, IResolvable] = None, instance_types: typing.List[str] = None, labels: typing.Any = None, launch_template: typing.Union[LaunchTemplateSpecificationProperty, IResolvable] = None, nodegroup_name: str = None, release_version: str = None, remote_access: typing.Union[RemoteAccessProperty, IResolvable] = None, scaling_config: typing.Union[ScalingConfigProperty, IResolvable] = None, tags: typing.Any = None, taints: typing.Union[IResolvable, typing.List[typing.Union[TaintProperty, IResolvable]]] = None, version: str = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | str | - scoped id of the resource. | | cluster_name | str | \`AWS::EKS::Nodegroup.ClusterName\`. | | node_role | str | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | typing.List[str] | \`AWS::EKS::Nodegroup.Subnets\`. | | ami_type | str | \`AWS::EKS::Nodegroup.AmiType\`. | | capacity_type | str | \`AWS::EKS::Nodegroup.CapacityType\`. | | disk_size | typing.Union[int, float] | \`AWS::EKS::Nodegroup.DiskSize\`. | | force_update_enabled | typing.Union[bool, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instance_types | typing.List[str] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | labels | typing.Any | \`AWS::EKS::Nodegroup.Labels\`. | | launch_template | typing.Union[LaunchTemplateSpecificationProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroup_name | str | \`AWS::EKS::Nodegroup.NodegroupName\`. | | release_version | str | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remote_access | typing.Union[RemoteAccessProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scaling_config | typing.Union[ScalingConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | tags | typing.Any | \`AWS::EKS::Nodegroup.Tags\`. | | taints | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[TaintProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::Nodegroup.Taints\`. | | version | str | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* str scoped id of the resource. --- ##### \`cluster_name\`Required - *Type:* str \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`node_role\`Required - *Type:* str \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required - *Type:* typing.List[str] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`ami_type\`Optional - *Type:* str \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacity_type\`Optional - *Type:* str \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`disk_size\`Optional - *Type:* typing.Union[int, float] \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`force_update_enabled\`Optional - *Type:* typing.Union[bool, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instance_types\`Optional - *Type:* typing.List[str] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional - *Type:* typing.Any \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`launch_template\`Optional - *Type:* typing.Union[LaunchTemplateSpecificationProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroup_name\`Optional - *Type:* str \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`release_version\`Optional - *Type:* str \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remote_access\`Optional - *Type:* typing.Union[RemoteAccessProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scaling_config\`Optional - *Type:* typing.Union[ScalingConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`tags\`Optional - *Type:* typing.Any \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`taints\`Optional - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[TaintProperty, aws_cdk.IResolvable]]] \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional - *Type:* str \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | override_logical_id | Overrides the auto-generated logical ID with a specific ID. | | add_deletion_override | Syntactic sugar for \`addOverride(path, undefined)\`. | | add_depends_on | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | add_metadata | Add a value to the CloudFormation Resource Metadata. | | add_override | Adds an override to the synthesized CloudFormation resource. | | add_property_deletion_override | Adds an override that deletes the value of a property from the resource definition. | | add_property_override | Adds an override to a resource property. | | apply_removal_policy | Sets the deletion policy of the resource based on the removal policy specified. | | get_att | Returns a token for an runtime attribute of this resource. | | get_metadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`override_logical_id\` \`\`\`python def override_logical_id( new_logical_id: str ) -> None \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`new_logical_id\`Required - *Type:* str The new logical ID to use for this stack element. --- ##### \`add_deletion_override\` \`\`\`python def add_deletion_override( path: str ) -> None \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* str The path of the value to delete. --- ##### \`add_depends_on\` \`\`\`python def add_depends_on( target: CfnResource ) -> None \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws_cdk.CfnResource --- ##### \`add_metadata\` \`\`\`python def add_metadata( key: str, value: typing.Any ) -> None \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ###### \`value\`Required - *Type:* typing.Any --- ##### \`add_override\` \`\`\`python def add_override( path: str, value: typing.Any ) -> None \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`python # Example automatically generated from non-compiling source. May contain errors. cfn_resource.add_override("Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes", ["myattribute"]) cfn_resource.add_override("Properties.GlobalSecondaryIndexes.1.ProjectionType", "INCLUDE") \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* str The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* typing.Any The value. Could be primitive or complex. --- ##### \`add_property_deletion_override\` \`\`\`python def add_property_deletion_override( property_path: str ) -> None \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`property_path\`Required - *Type:* str The path to the property. --- ##### \`add_property_override\` \`\`\`python def add_property_override( property_path: str, value: typing.Any ) -> None \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`property_path\`Required - *Type:* str The path of the property. --- ###### \`value\`Required - *Type:* typing.Any The value. --- ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy = None, apply_to_update_replace_policy: bool = None, default: RemovalPolicy = None ) -> None \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws_cdk.RemovalPolicy --- ###### \`apply_to_update_replace_policy\`Optional - *Type:* bool - *Default:* true Apply the same deletion policy to the resource's "UpdateReplacePolicy". --- ###### \`default\`Optional - *Type:* aws_cdk.RemovalPolicy - *Default:* Default value is resource specific. To determine the default value for a resoure, please consult that specific resource's documentation. The default policy to apply in case the removal policy is not defined. --- ##### \`get_att\` \`\`\`python def get_att( attribute_name: str ) -> Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attribute_name\`Required - *Type:* str The name of the attribute. --- ##### \`get_metadata\` \`\`\`python def get_metadata( key: str ) -> typing.Any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* str --- ##### \`inspect\` \`\`\`python def inspect( inspector: TreeInspector ) -> None \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws_cdk.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_cfn_element | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | is_cfn_resource | Check whether the given construct is a CfnResource. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_cfn_element\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup.is_cfn_element( x: typing.Any ) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* typing.Any --- ##### \`is_cfn_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup.is_cfn_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creation_stack | typing.List[str] | *No description.* | | logical_id | str | The logical ID for this CloudFormation stack element. | | stack | aws_cdk.Stack | The stack in which this element is defined. | | ref | str | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfn_options | aws_cdk.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfn_resource_type | str | AWS resource type. | | attr_arn | str | *No description.* | | attr_cluster_name | str | *No description.* | | attr_nodegroup_name | str | *No description.* | | tags | aws_cdk.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | cluster_name | str | \`AWS::EKS::Nodegroup.ClusterName\`. | | labels | typing.Any | \`AWS::EKS::Nodegroup.Labels\`. | | node_role | str | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | typing.List[str] | \`AWS::EKS::Nodegroup.Subnets\`. | | ami_type | str | \`AWS::EKS::Nodegroup.AmiType\`. | | capacity_type | str | \`AWS::EKS::Nodegroup.CapacityType\`. | | disk_size | typing.Union[int, float] | \`AWS::EKS::Nodegroup.DiskSize\`. | | force_update_enabled | typing.Union[bool, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instance_types | typing.List[str] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | launch_template | typing.Union[LaunchTemplateSpecificationProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroup_name | str | \`AWS::EKS::Nodegroup.NodegroupName\`. | | release_version | str | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remote_access | typing.Union[RemoteAccessProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scaling_config | typing.Union[ScalingConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | taints | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[TaintProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::Nodegroup.Taints\`. | | version | str | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creation_stack\`Required \`\`\`python creation_stack: typing.List[str] \`\`\` - *Type:* typing.List[str] --- ##### \`logical_id\`Required \`\`\`python logical_id: str \`\`\` - *Type:* str The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`python ref: str \`\`\` - *Type:* str Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfn_options\`Required \`\`\`python cfn_options: ICfnResourceOptions \`\`\` - *Type:* aws_cdk.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfn_resource_type\`Required \`\`\`python cfn_resource_type: str \`\`\` - *Type:* str AWS resource type. --- ##### \`attr_arn\`Required \`\`\`python attr_arn: str \`\`\` - *Type:* str --- ##### \`attr_cluster_name\`Required \`\`\`python attr_cluster_name: str \`\`\` - *Type:* str --- ##### \`attr_nodegroup_name\`Required \`\`\`python attr_nodegroup_name: str \`\`\` - *Type:* str --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`labels\`Required \`\`\`python labels: typing.Any \`\`\` - *Type:* typing.Any \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`node_role\`Required \`\`\`python node_role: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`python subnets: typing.List[str] \`\`\` - *Type:* typing.List[str] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`ami_type\`Optional \`\`\`python ami_type: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacity_type\`Optional \`\`\`python capacity_type: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`disk_size\`Optional \`\`\`python disk_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`force_update_enabled\`Optional \`\`\`python force_update_enabled: typing.Union[bool, IResolvable] \`\`\` - *Type:* typing.Union[bool, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instance_types\`Optional \`\`\`python instance_types: typing.List[str] \`\`\` - *Type:* typing.List[str] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`launch_template\`Optional \`\`\`python launch_template: typing.Union[LaunchTemplateSpecificationProperty, IResolvable] \`\`\` - *Type:* typing.Union[LaunchTemplateSpecificationProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroup_name\`Optional \`\`\`python nodegroup_name: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`release_version\`Optional \`\`\`python release_version: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remote_access\`Optional \`\`\`python remote_access: typing.Union[RemoteAccessProperty, IResolvable] \`\`\` - *Type:* typing.Union[RemoteAccessProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scaling_config\`Optional \`\`\`python scaling_config: typing.Union[ScalingConfigProperty, IResolvable] \`\`\` - *Type:* typing.Union[ScalingConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`taints\`Optional \`\`\`python taints: typing.Union[IResolvable, typing.List[typing.Union[TaintProperty, IResolvable]]] \`\`\` - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[TaintProperty, aws_cdk.IResolvable]]] \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | str | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`python CFN_RESOURCE_TYPE_NAME: str \`\`\` - *Type:* str The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.Cluster( scope: Construct, id: str, version: KubernetesVersion, cluster_name: str = None, output_cluster_name: bool = None, output_config_command: bool = None, role: IRole = None, security_group: ISecurityGroup = None, vpc: IVpc = None, vpc_subnets: typing.List[SubnetSelection] = None, cluster_handler_environment: typing.Mapping[str] = None, core_dns_compute_type: CoreDnsComputeType = None, endpoint_access: EndpointAccess = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, masters_role: IRole = None, output_masters_role_arn: bool = None, place_cluster_handler_in_vpc: bool = None, prune: bool = None, secrets_encryption_key: IKey = None, default_capacity: typing.Union[int, float] = None, default_capacity_instance: InstanceType = None, default_capacity_type: DefaultCapacityType = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | a Construct, most likely a cdk.Stack created. | | id | str | the id of the Construct to create. | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | cluster_name | str | Name for the cluster. | | output_cluster_name | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | output_config_command | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws_cdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | security_group | aws_cdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpc_subnets | typing.List[aws_cdk.aws_ec2.SubnetSelection] | Where to place EKS Control Plane ENIs. | | cluster_handler_environment | typing.Mapping[str] | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | core_dns_compute_type | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpoint_access | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectl_environment | typing.Mapping[str] | Environment variables for the kubectl execution. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectl_memory | aws_cdk.Size | Amount of memory to allocate to the provider's lambda function. | | masters_role | aws_cdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | output_masters_role_arn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | place_cluster_handler_in_vpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secrets_encryption_key | aws_cdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | default_capacity | typing.Union[int, float] | Number of instances to allocate as an initial capacity for this cluster. | | default_capacity_instance | aws_cdk.aws_ec2.InstanceType | The instance type to use for the default capacity. | | default_capacity_type | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`scope\`Required - *Type:* constructs.Construct a Construct, most likely a cdk.Stack created. --- ##### \`id\`Required - *Type:* str the id of the Construct to create. --- ##### \`version\`Required - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`cluster_name\`Optional - *Type:* str - *Default:* Automatically generated name Name for the cluster. --- ##### \`output_cluster_name\`Optional - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`output_config_command\`Optional - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`security_group\`Optional - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpc_subnets\`Optional - *Type:* typing.List[aws_cdk.aws_ec2.SubnetSelection] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`cluster_handler_environment\`Optional - *Type:* typing.Mapping[str] - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`core_dns_compute_type\`Optional - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpoint_access\`Optional - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectl_environment\`Optional - *Type:* typing.Mapping[str] - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectl_layer\`Optional - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. layer = lambda_.LayerVersion(self, "kubectl-layer", code=lambda_.Code.from_asset(f"{__dirname}/layer.zip") )# compatible_runtimes: [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectl_memory\`Optional - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`masters_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`output_masters_role_arn\`Optional - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`place_cluster_handler_in_vpc\`Optional - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secrets_encryption_key\`Optional - *Type:* aws_cdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`default_capacity\`Optional - *Type:* typing.Union[int, float] - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`default_capacity_instance\`Optional - *Type:* aws_cdk.aws_ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`default_capacity_type\`Optional - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | | add_auto_scaling_group_capacity | Add nodes to this EKS cluster. | | add_cdk8s_chart | Defines a CDK8s chart in this cluster. | | add_fargate_profile | Adds a Fargate profile to this cluster. | | add_helm_chart | Defines a Helm chart in this cluster. | | add_manifest | Defines a Kubernetes resource in this cluster. | | add_nodegroup_capacity | Add managed nodegroup to this Amazon EKS cluster. | | add_service_account | Creates a new service account with corresponding IAM Role (IRSA). | | connect_auto_scaling_group_capacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | get_service_load_balancer_address | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.RemovalPolicy --- ##### \`add_auto_scaling_group_capacity\` \`\`\`python def add_auto_scaling_group_capacity( id: str, allow_all_outbound: bool = None, associate_public_ip_address: bool = None, auto_scaling_group_name: str = None, block_devices: typing.List[BlockDevice] = None, cooldown: Duration = None, desired_capacity: typing.Union[int, float] = None, group_metrics: typing.List[GroupMetrics] = None, health_check: HealthCheck = None, ignore_unmodified_size_properties: bool = None, instance_monitoring: Monitoring = None, key_name: str = None, max_capacity: typing.Union[int, float] = None, max_instance_lifetime: Duration = None, min_capacity: typing.Union[int, float] = None, new_instances_protected_from_scale_in: bool = None, notifications: typing.List[NotificationConfiguration] = None, signals: Signals = None, spot_price: str = None, update_policy: UpdatePolicy = None, vpc_subnets: SubnetSelection = None, instance_type: InstanceType, bootstrap_enabled: bool = None, bootstrap_options: BootstrapOptions = None, machine_image_type: MachineImageType = None, map_role: bool = None, spot_interrupt_handler: bool = None ) -> AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* str --- ###### \`allow_all_outbound\`Optional - *Type:* bool - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ###### \`associate_public_ip_address\`Optional - *Type:* bool - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ###### \`auto_scaling_group_name\`Optional - *Type:* str - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ###### \`block_devices\`Optional - *Type:* typing.List[aws_cdk.aws_autoscaling.BlockDevice] - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ###### \`cooldown\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ###### \`desired_capacity\`Optional - *Type:* typing.Union[int, float] - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ###### \`group_metrics\`Optional - *Type:* typing.List[aws_cdk.aws_autoscaling.GroupMetrics] - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ###### \`health_check\`Optional - *Type:* aws_cdk.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ###### \`ignore_unmodified_size_properties\`Optional - *Type:* bool - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ###### \`instance_monitoring\`Optional - *Type:* aws_cdk.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ###### \`key_name\`Optional - *Type:* str - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ###### \`max_capacity\`Optional - *Type:* typing.Union[int, float] - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ###### \`max_instance_lifetime\`Optional - *Type:* aws_cdk.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ###### \`min_capacity\`Optional - *Type:* typing.Union[int, float] - *Default:* 1 Minimum number of instances in the fleet. --- ###### \`new_instances_protected_from_scale_in\`Optional - *Type:* bool - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ###### \`notifications\`Optional - *Type:* typing.List[aws_cdk.aws_autoscaling.NotificationConfiguration] - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ###### \`signals\`Optional - *Type:* aws_cdk.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ###### \`spot_price\`Optional - *Type:* str - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ###### \`update_policy\`Optional - *Type:* aws_cdk.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ###### \`vpc_subnets\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ###### \`instance_type\`Required - *Type:* aws_cdk.aws_ec2.InstanceType Instance type of the instances to start. --- ###### \`bootstrap_enabled\`Optional - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ###### \`bootstrap_options\`Optional - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ###### \`machine_image_type\`Optional - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ###### \`map_role\`Optional - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ###### \`spot_interrupt_handler\`Optional - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ##### \`add_cdk8s_chart\` \`\`\`python def add_cdk8s_chart( id: str, chart: Construct ) -> KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* str logical id of this chart. --- ###### \`chart\`Required - *Type:* constructs.Construct the cdk8s chart. --- ##### \`add_fargate_profile\` \`\`\`python def add_fargate_profile( id: str, selectors: typing.List[Selector], fargate_profile_name: str = None, pod_execution_role: IRole = None, subnet_selection: SubnetSelection = None, vpc: IVpc = None ) -> FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* str the id of this profile. --- ###### \`selectors\`Required - *Type:* typing.List[Selector] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ###### \`fargate_profile_name\`Optional - *Type:* str - *Default:* generated The name of the Fargate profile. --- ###### \`pod_execution_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ###### \`subnet_selection\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ###### \`vpc\`Optional - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`add_helm_chart\` \`\`\`python def add_helm_chart( id: str, chart: str, create_namespace: bool = None, namespace: str = None, release: str = None, repository: str = None, timeout: Duration = None, values: typing.Mapping[typing.Any] = None, version: str = None, wait: bool = None ) -> HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* str logical id of this chart. --- ###### \`chart\`Required - *Type:* str The name of the chart. --- ###### \`create_namespace\`Optional - *Type:* bool - *Default:* true create namespace if not exist. --- ###### \`namespace\`Optional - *Type:* str - *Default:* default The Kubernetes namespace scope of the requests. --- ###### \`release\`Optional - *Type:* str - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ###### \`repository\`Optional - *Type:* str - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ###### \`timeout\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ###### \`values\`Optional - *Type:* typing.Mapping[typing.Any] - *Default:* No values are provided to the chart. The values to be used by the chart. --- ###### \`version\`Optional - *Type:* str - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ###### \`wait\`Optional - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`add_manifest\` \`\`\`python def add_manifest( id: str, manifest: typing.Mapping[typing.Any] ) -> KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* str logical id of this manifest. --- ###### \`manifest\`Required - *Type:* typing.Mapping[typing.Any] a list of Kubernetes resource specifications. --- ##### \`add_nodegroup_capacity\` \`\`\`python def add_nodegroup_capacity( id: str, ami_type: NodegroupAmiType = None, capacity_type: CapacityType = None, desired_size: typing.Union[int, float] = None, disk_size: typing.Union[int, float] = None, force_update: bool = None, instance_types: typing.List[InstanceType] = None, labels: typing.Mapping[str] = None, launch_template_spec: LaunchTemplateSpec = None, max_size: typing.Union[int, float] = None, min_size: typing.Union[int, float] = None, nodegroup_name: str = None, node_role: IRole = None, release_version: str = None, remote_access: NodegroupRemoteAccess = None, subnets: SubnetSelection = None, tags: typing.Mapping[str] = None ) -> Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* str The ID of the nodegroup. --- ###### \`ami_type\`Optional - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ###### \`capacity_type\`Optional - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ###### \`desired_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ###### \`disk_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ###### \`force_update\`Optional - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ###### \`instance_types\`Optional - *Type:* typing.List[aws_cdk.aws_ec2.InstanceType] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ###### \`labels\`Optional - *Type:* typing.Mapping[str] - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ###### \`launch_template_spec\`Optional - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ###### \`max_size\`Optional - *Type:* typing.Union[int, float] - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ###### \`min_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ###### \`nodegroup_name\`Optional - *Type:* str - *Default:* resource ID Name of the Nodegroup. --- ###### \`node_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ###### \`release_version\`Optional - *Type:* str - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ###### \`remote_access\`Optional - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ###### \`subnets\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ###### \`tags\`Optional - *Type:* typing.Mapping[str] - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`add_service_account\` \`\`\`python def add_service_account( id: str, name: str = None, namespace: str = None ) -> ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* str --- ###### \`name\`Optional - *Type:* str - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ###### \`namespace\`Optional - *Type:* str - *Default:* "default" The namespace of the service account. --- ##### \`connect_auto_scaling_group_capacity\` \`\`\`python def connect_auto_scaling_group_capacity( auto_scaling_group: AutoScalingGroup, bootstrap_enabled: bool = None, bootstrap_options: BootstrapOptions = None, machine_image_type: MachineImageType = None, map_role: bool = None, spot_interrupt_handler: bool = None ) -> None \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`auto_scaling_group\`Required - *Type:* aws_cdk.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`bootstrap_enabled\`Optional - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ###### \`bootstrap_options\`Optional - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ###### \`machine_image_type\`Optional - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ###### \`map_role\`Optional - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ###### \`spot_interrupt_handler\`Optional - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ##### \`get_service_load_balancer_address\` \`\`\`python def get_service_load_balancer_address( service_name: str, namespace: str = None, timeout: Duration = None ) -> str \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`service_name\`Required - *Type:* str The name of the service. --- ###### \`namespace\`Optional - *Type:* str - *Default:* 'default' The namespace the service belongs to. --- ###### \`timeout\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_resource | Check whether the given construct is a Resource. | | from_cluster_attributes | Import an existing cluster. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.Cluster.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.Cluster.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`from_cluster_attributes\` \`\`\`python from aws_cdk import aws_eks aws_eks.Cluster.from_cluster_attributes( scope: Construct, id: str, cluster_name: str, cluster_certificate_authority_data: str = None, cluster_encryption_config_key_arn: str = None, cluster_endpoint: str = None, cluster_security_group_id: str = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, kubectl_private_subnet_ids: typing.List[str] = None, kubectl_role_arn: str = None, kubectl_security_group_id: str = None, open_id_connect_provider: IOpenIdConnectProvider = None, prune: bool = None, security_group_ids: typing.List[str] = None, vpc: IVpc = None ) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* str the id or name to import as. --- ###### \`cluster_name\`Required - *Type:* str The physical name of the Cluster. --- ###### \`cluster_certificate_authority_data\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ###### \`cluster_encryption_config_key_arn\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ###### \`cluster_endpoint\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ###### \`cluster_security_group_id\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ###### \`kubectl_environment\`Optional - *Type:* typing.Mapping[str] - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ###### \`kubectl_layer\`Optional - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ###### \`kubectl_memory\`Optional - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ###### \`kubectl_private_subnet_ids\`Optional - *Type:* typing.List[str] - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ###### \`kubectl_role_arn\`Optional - *Type:* str - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ###### \`kubectl_security_group_id\`Optional - *Type:* str - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ###### \`open_id_connect_provider\`Optional - *Type:* aws_cdk.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ###### \`prune\`Optional - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ###### \`security_group_ids\`Optional - *Type:* typing.List[str] - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ###### \`vpc\`Optional - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws_cdk.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.Stack | The stack in which this resource is defined. | | admin_role | aws_cdk.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | aws_auth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | cluster_arn | str | The AWS generated ARN for the Cluster resource. | | cluster_certificate_authority_data | str | The certificate-authority-data for your cluster. | | cluster_encryption_config_key_arn | str | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | cluster_endpoint | str | The endpoint URL for the Cluster. | | cluster_name | str | The Name of the created EKS Cluster. | | cluster_open_id_connect_issuer | str | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | cluster_open_id_connect_issuer_url | str | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | cluster_security_group | aws_cdk.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | cluster_security_group_id | str | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | aws_cdk.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | open_id_connect_provider | aws_cdk.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | bool | Determines if Kubernetes resources can be pruned automatically. | | role | aws_cdk.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | | default_capacity | aws_cdk.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | default_nodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectl_environment | typing.Mapping[str] | Custom environment variables when running \`kubectl\` against this cluster. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectl_memory | aws_cdk.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectl_private_subnets | typing.List[aws_cdk.aws_ec2.ISubnet] | Subnets to host the \`kubectl\` compute resources. | | kubectl_role | aws_cdk.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectl_security_group | aws_cdk.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this resource is defined. --- ##### \`admin_role\`Required \`\`\`python admin_role: Role \`\`\` - *Type:* aws_cdk.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`aws_auth\`Required \`\`\`python aws_auth: AwsAuth \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`cluster_arn\`Required \`\`\`python cluster_arn: str \`\`\` - *Type:* str The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`python # Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666cluster / prod \`\`\` ##### \`cluster_certificate_authority_data\`Required \`\`\`python cluster_certificate_authority_data: str \`\`\` - *Type:* str The certificate-authority-data for your cluster. --- ##### \`cluster_encryption_config_key_arn\`Required \`\`\`python cluster_encryption_config_key_arn: str \`\`\` - *Type:* str Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`cluster_endpoint\`Required \`\`\`python cluster_endpoint: str \`\`\` - *Type:* str The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`python # Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str The Name of the created EKS Cluster. --- ##### \`cluster_open_id_connect_issuer\`Required \`\`\`python cluster_open_id_connect_issuer: str \`\`\` - *Type:* str If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`cluster_open_id_connect_issuer_url\`Required \`\`\`python cluster_open_id_connect_issuer_url: str \`\`\` - *Type:* str If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`cluster_security_group\`Required \`\`\`python cluster_security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`cluster_security_group_id\`Required \`\`\`python cluster_security_group_id: str \`\`\` - *Type:* str The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`python connections: Connections \`\`\` - *Type:* aws_cdk.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`open_id_connect_provider\`Required \`\`\`python open_id_connect_provider: IOpenIdConnectProvider \`\`\` - *Type:* aws_cdk.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`python prune: bool \`\`\` - *Type:* bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`default_capacity\`Optional \`\`\`python default_capacity: AutoScalingGroup \`\`\` - *Type:* aws_cdk.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`default_nodegroup\`Optional \`\`\`python default_nodegroup: Nodegroup \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectl_environment\`Optional \`\`\`python kubectl_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectl_layer\`Optional \`\`\`python kubectl_layer: ILayerVersion \`\`\` - *Type:* aws_cdk.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectl_memory\`Optional \`\`\`python kubectl_memory: Size \`\`\` - *Type:* aws_cdk.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectl_private_subnets\`Optional \`\`\`python kubectl_private_subnets: typing.List[ISubnet] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.ISubnet] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectl_role\`Optional \`\`\`python kubectl_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectl_security_group\`Optional \`\`\`python kubectl_security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.FargateCluster( scope: Construct, id: str, version: KubernetesVersion, cluster_name: str = None, output_cluster_name: bool = None, output_config_command: bool = None, role: IRole = None, security_group: ISecurityGroup = None, vpc: IVpc = None, vpc_subnets: typing.List[SubnetSelection] = None, cluster_handler_environment: typing.Mapping[str] = None, core_dns_compute_type: CoreDnsComputeType = None, endpoint_access: EndpointAccess = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, masters_role: IRole = None, output_masters_role_arn: bool = None, place_cluster_handler_in_vpc: bool = None, prune: bool = None, secrets_encryption_key: IKey = None, default_profile: FargateProfileOptions = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | cluster_name | str | Name for the cluster. | | output_cluster_name | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | output_config_command | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws_cdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | security_group | aws_cdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpc_subnets | typing.List[aws_cdk.aws_ec2.SubnetSelection] | Where to place EKS Control Plane ENIs. | | cluster_handler_environment | typing.Mapping[str] | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | core_dns_compute_type | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpoint_access | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectl_environment | typing.Mapping[str] | Environment variables for the kubectl execution. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectl_memory | aws_cdk.Size | Amount of memory to allocate to the provider's lambda function. | | masters_role | aws_cdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | output_masters_role_arn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | place_cluster_handler_in_vpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secrets_encryption_key | aws_cdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | default_profile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`version\`Required - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`cluster_name\`Optional - *Type:* str - *Default:* Automatically generated name Name for the cluster. --- ##### \`output_cluster_name\`Optional - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`output_config_command\`Optional - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`security_group\`Optional - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpc_subnets\`Optional - *Type:* typing.List[aws_cdk.aws_ec2.SubnetSelection] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`cluster_handler_environment\`Optional - *Type:* typing.Mapping[str] - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`core_dns_compute_type\`Optional - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpoint_access\`Optional - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectl_environment\`Optional - *Type:* typing.Mapping[str] - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectl_layer\`Optional - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. layer = lambda_.LayerVersion(self, "kubectl-layer", code=lambda_.Code.from_asset(f"{__dirname}/layer.zip") )# compatible_runtimes: [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectl_memory\`Optional - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`masters_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`output_masters_role_arn\`Optional - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`place_cluster_handler_in_vpc\`Optional - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secrets_encryption_key\`Optional - *Type:* aws_cdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`default_profile\`Optional - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | | add_auto_scaling_group_capacity | Add nodes to this EKS cluster. | | add_cdk8s_chart | Defines a CDK8s chart in this cluster. | | add_fargate_profile | Adds a Fargate profile to this cluster. | | add_helm_chart | Defines a Helm chart in this cluster. | | add_manifest | Defines a Kubernetes resource in this cluster. | | add_nodegroup_capacity | Add managed nodegroup to this Amazon EKS cluster. | | add_service_account | Creates a new service account with corresponding IAM Role (IRSA). | | connect_auto_scaling_group_capacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | get_service_load_balancer_address | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.RemovalPolicy --- ##### \`add_auto_scaling_group_capacity\` \`\`\`python def add_auto_scaling_group_capacity( id: str, allow_all_outbound: bool = None, associate_public_ip_address: bool = None, auto_scaling_group_name: str = None, block_devices: typing.List[BlockDevice] = None, cooldown: Duration = None, desired_capacity: typing.Union[int, float] = None, group_metrics: typing.List[GroupMetrics] = None, health_check: HealthCheck = None, ignore_unmodified_size_properties: bool = None, instance_monitoring: Monitoring = None, key_name: str = None, max_capacity: typing.Union[int, float] = None, max_instance_lifetime: Duration = None, min_capacity: typing.Union[int, float] = None, new_instances_protected_from_scale_in: bool = None, notifications: typing.List[NotificationConfiguration] = None, signals: Signals = None, spot_price: str = None, update_policy: UpdatePolicy = None, vpc_subnets: SubnetSelection = None, instance_type: InstanceType, bootstrap_enabled: bool = None, bootstrap_options: BootstrapOptions = None, machine_image_type: MachineImageType = None, map_role: bool = None, spot_interrupt_handler: bool = None ) -> AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* str --- ###### \`allow_all_outbound\`Optional - *Type:* bool - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ###### \`associate_public_ip_address\`Optional - *Type:* bool - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ###### \`auto_scaling_group_name\`Optional - *Type:* str - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ###### \`block_devices\`Optional - *Type:* typing.List[aws_cdk.aws_autoscaling.BlockDevice] - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ###### \`cooldown\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ###### \`desired_capacity\`Optional - *Type:* typing.Union[int, float] - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ###### \`group_metrics\`Optional - *Type:* typing.List[aws_cdk.aws_autoscaling.GroupMetrics] - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ###### \`health_check\`Optional - *Type:* aws_cdk.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ###### \`ignore_unmodified_size_properties\`Optional - *Type:* bool - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ###### \`instance_monitoring\`Optional - *Type:* aws_cdk.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ###### \`key_name\`Optional - *Type:* str - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ###### \`max_capacity\`Optional - *Type:* typing.Union[int, float] - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ###### \`max_instance_lifetime\`Optional - *Type:* aws_cdk.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ###### \`min_capacity\`Optional - *Type:* typing.Union[int, float] - *Default:* 1 Minimum number of instances in the fleet. --- ###### \`new_instances_protected_from_scale_in\`Optional - *Type:* bool - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ###### \`notifications\`Optional - *Type:* typing.List[aws_cdk.aws_autoscaling.NotificationConfiguration] - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ###### \`signals\`Optional - *Type:* aws_cdk.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ###### \`spot_price\`Optional - *Type:* str - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ###### \`update_policy\`Optional - *Type:* aws_cdk.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ###### \`vpc_subnets\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ###### \`instance_type\`Required - *Type:* aws_cdk.aws_ec2.InstanceType Instance type of the instances to start. --- ###### \`bootstrap_enabled\`Optional - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ###### \`bootstrap_options\`Optional - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ###### \`machine_image_type\`Optional - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ###### \`map_role\`Optional - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ###### \`spot_interrupt_handler\`Optional - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ##### \`add_cdk8s_chart\` \`\`\`python def add_cdk8s_chart( id: str, chart: Construct ) -> KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* str logical id of this chart. --- ###### \`chart\`Required - *Type:* constructs.Construct the cdk8s chart. --- ##### \`add_fargate_profile\` \`\`\`python def add_fargate_profile( id: str, selectors: typing.List[Selector], fargate_profile_name: str = None, pod_execution_role: IRole = None, subnet_selection: SubnetSelection = None, vpc: IVpc = None ) -> FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* str the id of this profile. --- ###### \`selectors\`Required - *Type:* typing.List[Selector] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ###### \`fargate_profile_name\`Optional - *Type:* str - *Default:* generated The name of the Fargate profile. --- ###### \`pod_execution_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ###### \`subnet_selection\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ###### \`vpc\`Optional - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`add_helm_chart\` \`\`\`python def add_helm_chart( id: str, chart: str, create_namespace: bool = None, namespace: str = None, release: str = None, repository: str = None, timeout: Duration = None, values: typing.Mapping[typing.Any] = None, version: str = None, wait: bool = None ) -> HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* str logical id of this chart. --- ###### \`chart\`Required - *Type:* str The name of the chart. --- ###### \`create_namespace\`Optional - *Type:* bool - *Default:* true create namespace if not exist. --- ###### \`namespace\`Optional - *Type:* str - *Default:* default The Kubernetes namespace scope of the requests. --- ###### \`release\`Optional - *Type:* str - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ###### \`repository\`Optional - *Type:* str - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ###### \`timeout\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ###### \`values\`Optional - *Type:* typing.Mapping[typing.Any] - *Default:* No values are provided to the chart. The values to be used by the chart. --- ###### \`version\`Optional - *Type:* str - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ###### \`wait\`Optional - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`add_manifest\` \`\`\`python def add_manifest( id: str, manifest: typing.Mapping[typing.Any] ) -> KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* str logical id of this manifest. --- ###### \`manifest\`Required - *Type:* typing.Mapping[typing.Any] a list of Kubernetes resource specifications. --- ##### \`add_nodegroup_capacity\` \`\`\`python def add_nodegroup_capacity( id: str, ami_type: NodegroupAmiType = None, capacity_type: CapacityType = None, desired_size: typing.Union[int, float] = None, disk_size: typing.Union[int, float] = None, force_update: bool = None, instance_types: typing.List[InstanceType] = None, labels: typing.Mapping[str] = None, launch_template_spec: LaunchTemplateSpec = None, max_size: typing.Union[int, float] = None, min_size: typing.Union[int, float] = None, nodegroup_name: str = None, node_role: IRole = None, release_version: str = None, remote_access: NodegroupRemoteAccess = None, subnets: SubnetSelection = None, tags: typing.Mapping[str] = None ) -> Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* str The ID of the nodegroup. --- ###### \`ami_type\`Optional - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ###### \`capacity_type\`Optional - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ###### \`desired_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ###### \`disk_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ###### \`force_update\`Optional - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ###### \`instance_types\`Optional - *Type:* typing.List[aws_cdk.aws_ec2.InstanceType] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ###### \`labels\`Optional - *Type:* typing.Mapping[str] - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ###### \`launch_template_spec\`Optional - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ###### \`max_size\`Optional - *Type:* typing.Union[int, float] - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ###### \`min_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ###### \`nodegroup_name\`Optional - *Type:* str - *Default:* resource ID Name of the Nodegroup. --- ###### \`node_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ###### \`release_version\`Optional - *Type:* str - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ###### \`remote_access\`Optional - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ###### \`subnets\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ###### \`tags\`Optional - *Type:* typing.Mapping[str] - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`add_service_account\` \`\`\`python def add_service_account( id: str, name: str = None, namespace: str = None ) -> ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* str --- ###### \`name\`Optional - *Type:* str - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ###### \`namespace\`Optional - *Type:* str - *Default:* "default" The namespace of the service account. --- ##### \`connect_auto_scaling_group_capacity\` \`\`\`python def connect_auto_scaling_group_capacity( auto_scaling_group: AutoScalingGroup, bootstrap_enabled: bool = None, bootstrap_options: BootstrapOptions = None, machine_image_type: MachineImageType = None, map_role: bool = None, spot_interrupt_handler: bool = None ) -> None \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`auto_scaling_group\`Required - *Type:* aws_cdk.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`bootstrap_enabled\`Optional - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ###### \`bootstrap_options\`Optional - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ###### \`machine_image_type\`Optional - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ###### \`map_role\`Optional - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ###### \`spot_interrupt_handler\`Optional - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ##### \`get_service_load_balancer_address\` \`\`\`python def get_service_load_balancer_address( service_name: str, namespace: str = None, timeout: Duration = None ) -> str \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`service_name\`Required - *Type:* str The name of the service. --- ###### \`namespace\`Optional - *Type:* str - *Default:* 'default' The namespace the service belongs to. --- ###### \`timeout\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_resource | Check whether the given construct is a Resource. | | from_cluster_attributes | Import an existing cluster. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.FargateCluster.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.FargateCluster.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`from_cluster_attributes\` \`\`\`python from aws_cdk import aws_eks aws_eks.FargateCluster.from_cluster_attributes( scope: Construct, id: str, cluster_name: str, cluster_certificate_authority_data: str = None, cluster_encryption_config_key_arn: str = None, cluster_endpoint: str = None, cluster_security_group_id: str = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, kubectl_private_subnet_ids: typing.List[str] = None, kubectl_role_arn: str = None, kubectl_security_group_id: str = None, open_id_connect_provider: IOpenIdConnectProvider = None, prune: bool = None, security_group_ids: typing.List[str] = None, vpc: IVpc = None ) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* str the id or name to import as. --- ###### \`cluster_name\`Required - *Type:* str The physical name of the Cluster. --- ###### \`cluster_certificate_authority_data\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ###### \`cluster_encryption_config_key_arn\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ###### \`cluster_endpoint\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ###### \`cluster_security_group_id\`Optional - *Type:* str - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ###### \`kubectl_environment\`Optional - *Type:* typing.Mapping[str] - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ###### \`kubectl_layer\`Optional - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ###### \`kubectl_memory\`Optional - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ###### \`kubectl_private_subnet_ids\`Optional - *Type:* typing.List[str] - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ###### \`kubectl_role_arn\`Optional - *Type:* str - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ###### \`kubectl_security_group_id\`Optional - *Type:* str - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ###### \`open_id_connect_provider\`Optional - *Type:* aws_cdk.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ###### \`prune\`Optional - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ###### \`security_group_ids\`Optional - *Type:* typing.List[str] - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ###### \`vpc\`Optional - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws_cdk.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.Stack | The stack in which this resource is defined. | | admin_role | aws_cdk.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | aws_auth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | cluster_arn | str | The AWS generated ARN for the Cluster resource. | | cluster_certificate_authority_data | str | The certificate-authority-data for your cluster. | | cluster_encryption_config_key_arn | str | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | cluster_endpoint | str | The endpoint URL for the Cluster. | | cluster_name | str | The Name of the created EKS Cluster. | | cluster_open_id_connect_issuer | str | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | cluster_open_id_connect_issuer_url | str | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | cluster_security_group | aws_cdk.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | cluster_security_group_id | str | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | aws_cdk.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | open_id_connect_provider | aws_cdk.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | bool | Determines if Kubernetes resources can be pruned automatically. | | role | aws_cdk.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | | default_capacity | aws_cdk.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | default_nodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectl_environment | typing.Mapping[str] | Custom environment variables when running \`kubectl\` against this cluster. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectl_memory | aws_cdk.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectl_private_subnets | typing.List[aws_cdk.aws_ec2.ISubnet] | Subnets to host the \`kubectl\` compute resources. | | kubectl_role | aws_cdk.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectl_security_group | aws_cdk.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this resource is defined. --- ##### \`admin_role\`Required \`\`\`python admin_role: Role \`\`\` - *Type:* aws_cdk.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`aws_auth\`Required \`\`\`python aws_auth: AwsAuth \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`cluster_arn\`Required \`\`\`python cluster_arn: str \`\`\` - *Type:* str The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`python # Example automatically generated from non-compiling source. May contain errors. arn:aws:eks:us-west-2666666666666cluster / prod \`\`\` ##### \`cluster_certificate_authority_data\`Required \`\`\`python cluster_certificate_authority_data: str \`\`\` - *Type:* str The certificate-authority-data for your cluster. --- ##### \`cluster_encryption_config_key_arn\`Required \`\`\`python cluster_encryption_config_key_arn: str \`\`\` - *Type:* str Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`cluster_endpoint\`Required \`\`\`python cluster_endpoint: str \`\`\` - *Type:* str The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`python # Example automatically generated from non-compiling source. May contain errors. https: \`\`\` ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str The Name of the created EKS Cluster. --- ##### \`cluster_open_id_connect_issuer\`Required \`\`\`python cluster_open_id_connect_issuer: str \`\`\` - *Type:* str If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`cluster_open_id_connect_issuer_url\`Required \`\`\`python cluster_open_id_connect_issuer_url: str \`\`\` - *Type:* str If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`cluster_security_group\`Required \`\`\`python cluster_security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`cluster_security_group_id\`Required \`\`\`python cluster_security_group_id: str \`\`\` - *Type:* str The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`python connections: Connections \`\`\` - *Type:* aws_cdk.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`open_id_connect_provider\`Required \`\`\`python open_id_connect_provider: IOpenIdConnectProvider \`\`\` - *Type:* aws_cdk.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`python prune: bool \`\`\` - *Type:* bool Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`default_capacity\`Optional \`\`\`python default_capacity: AutoScalingGroup \`\`\` - *Type:* aws_cdk.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`default_nodegroup\`Optional \`\`\`python default_nodegroup: Nodegroup \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectl_environment\`Optional \`\`\`python kubectl_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectl_layer\`Optional \`\`\`python kubectl_layer: ILayerVersion \`\`\` - *Type:* aws_cdk.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectl_memory\`Optional \`\`\`python kubectl_memory: Size \`\`\` - *Type:* aws_cdk.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectl_private_subnets\`Optional \`\`\`python kubectl_private_subnets: typing.List[ISubnet] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.ISubnet] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectl_role\`Optional \`\`\`python kubectl_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectl_security_group\`Optional \`\`\`python kubectl_security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* aws_cdk.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.FargateProfile( scope: Construct, id: str, selectors: typing.List[Selector], fargate_profile_name: str = None, pod_execution_role: IRole = None, subnet_selection: SubnetSelection = None, vpc: IVpc = None, cluster: Cluster ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | selectors | typing.List[Selector] | The selectors to match for pods to use this Fargate profile. | | fargate_profile_name | str | The name of the Fargate profile. | | pod_execution_role | aws_cdk.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnet_selection | aws_cdk.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`selectors\`Required - *Type:* typing.List[Selector] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargate_profile_name\`Optional - *Type:* str - *Default:* generated The name of the Fargate profile. --- ##### \`pod_execution_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnet_selection\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`cluster\`Required - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.FargateProfile.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | fargate_profile_arn | str | The full Amazon Resource Name (ARN) of the Fargate profile. | | fargate_profile_name | str | The name of the Fargate profile. | | pod_execution_role | aws_cdk.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | tags | aws_cdk.TagManager | Resource tags. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`fargate_profile_arn\`Required \`\`\`python fargate_profile_arn: str \`\`\` - *Type:* str The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`fargate_profile_name\`Required \`\`\`python fargate_profile_name: str \`\`\` - *Type:* str The name of the Fargate profile. --- ##### \`pod_execution_role\`Required \`\`\`python pod_execution_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`tags\`Required \`\`\`python tags: TagManager \`\`\` - *Type:* aws_cdk.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.HelmChart( scope: Construct, id: str, chart: str, create_namespace: bool = None, namespace: str = None, release: str = None, repository: str = None, timeout: Duration = None, values: typing.Mapping[typing.Any] = None, version: str = None, wait: bool = None, cluster: ICluster ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | chart | str | The name of the chart. | | create_namespace | bool | create namespace if not exist. | | namespace | str | The Kubernetes namespace scope of the requests. | | release | str | The name of the release. | | repository | str | The repository which contains the chart. | | timeout | aws_cdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | typing.Mapping[typing.Any] | The values to be used by the chart. | | version | str | The chart version to install. | | wait | bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`chart\`Required - *Type:* str The name of the chart. --- ##### \`create_namespace\`Optional - *Type:* bool - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional - *Type:* str - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional - *Type:* str - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional - *Type:* str - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional - *Type:* typing.Mapping[typing.Any] - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional - *Type:* str - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.HelmChart.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | str | The CloudFormation resource type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`python RESOURCE_TYPE: str \`\`\` - *Type:* str The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesManifest( scope: Construct, id: str, prune: bool = None, skip_validation: bool = None, cluster: ICluster, manifest: typing.List[typing.Mapping[typing.Any]], overwrite: bool = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | prune | bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skip_validation | bool | A flag to signify if the manifest validation should be skipped. | | cluster | ICluster | The EKS cluster to apply this manifest to. | | manifest | typing.List[typing.Mapping[typing.Any]] | The manifest to apply. | | overwrite | bool | Overwrite any existing resources. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`prune\`Optional - *Type:* bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skip_validation\`Optional - *Type:* bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`manifest\`Required - *Type:* typing.List[typing.Mapping[typing.Any]] The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`python [{ "api_version": "v1", "kind": "Pod", "metadata": {"name": "mypod"}, "spec": { "containers": [{"name": "hello", "image": "paulbouwer/hello-kubernetes:1.5", "ports": [{"container_port": 8080}]}] } }] \`\`\` ##### \`overwrite\`Optional - *Type:* bool - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesManifest.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | str | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`python RESOURCE_TYPE: str \`\`\` - *Type:* str The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesObjectValue( scope: Construct, id: str, cluster: ICluster, json_path: str, object_name: str, object_type: str, object_namespace: str = None, timeout: Duration = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | cluster | ICluster | The EKS cluster to fetch attributes from. | | json_path | str | JSONPath to the specific value. | | object_name | str | The name of the object to query. | | object_type | str | The object type to query. | | object_namespace | str | The namespace the object belongs to. | | timeout | aws_cdk.Duration | Timeout for waiting on a value. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`cluster\`Required - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`json_path\`Required - *Type:* str JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`object_name\`Required - *Type:* str The name of the object to query. --- ##### \`object_type\`Required - *Type:* str The object type to query. (e.g 'service', 'pod'...) --- ##### \`object_namespace\`Optional - *Type:* str - *Default:* 'default' The namespace the object belongs to. --- ##### \`timeout\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesObjectValue.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | value | str | The value as a string token. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`value\`Required \`\`\`python value: str \`\`\` - *Type:* str The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | str | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`python RESOURCE_TYPE: str \`\`\` - *Type:* str The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesPatch( scope: Construct, id: str, apply_patch: typing.Mapping[typing.Any], cluster: ICluster, resource_name: str, restore_patch: typing.Mapping[typing.Any], patch_type: PatchType = None, resource_namespace: str = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | apply_patch | typing.Mapping[typing.Any] | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | cluster | ICluster | The cluster to apply the patch to. | | resource_name | str | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | restore_patch | typing.Mapping[typing.Any] | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | patch_type | PatchType | The patch type to pass to \`kubectl patch\`. | | resource_namespace | str | The kubernetes API namespace. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`apply_patch\`Required - *Type:* typing.Mapping[typing.Any] The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`cluster\`Required - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`resource_name\`Required - *Type:* str The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`restore_patch\`Required - *Type:* typing.Mapping[typing.Any] The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`patch_type\`Optional - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`resource_namespace\`Optional - *Type:* str - *Default:* "default" The kubernetes API namespace. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesPatch.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.Nodegroup( scope: Construct, id: str, ami_type: NodegroupAmiType = None, capacity_type: CapacityType = None, desired_size: typing.Union[int, float] = None, disk_size: typing.Union[int, float] = None, force_update: bool = None, instance_types: typing.List[InstanceType] = None, labels: typing.Mapping[str] = None, launch_template_spec: LaunchTemplateSpec = None, max_size: typing.Union[int, float] = None, min_size: typing.Union[int, float] = None, nodegroup_name: str = None, node_role: IRole = None, release_version: str = None, remote_access: NodegroupRemoteAccess = None, subnets: SubnetSelection = None, tags: typing.Mapping[str] = None, cluster: ICluster ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | ami_type | NodegroupAmiType | The AMI type for your node group. | | capacity_type | CapacityType | The capacity type of the nodegroup. | | desired_size | typing.Union[int, float] | The current number of worker nodes that the managed node group should maintain. | | disk_size | typing.Union[int, float] | The root device disk size (in GiB) for your node group instances. | | force_update | bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instance_types | typing.List[aws_cdk.aws_ec2.InstanceType] | The instance types to use for your node group. | | labels | typing.Mapping[str] | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launch_template_spec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | max_size | typing.Union[int, float] | The maximum number of worker nodes that the managed node group can scale out to. | | min_size | typing.Union[int, float] | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroup_name | str | Name of the Nodegroup. | | node_role | aws_cdk.aws_iam.IRole | The IAM role to associate with your node group. | | release_version | str | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remote_access | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | aws_cdk.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | typing.Mapping[str] | The metadata to apply to the node group to assist with categorization and organization. | | cluster | ICluster | Cluster resource. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`ami_type\`Optional - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacity_type\`Optional - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desired_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`disk_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`force_update\`Optional - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instance_types\`Optional - *Type:* typing.List[aws_cdk.aws_ec2.InstanceType] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional - *Type:* typing.Mapping[str] - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launch_template_spec\`Optional - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`max_size\`Optional - *Type:* typing.Union[int, float] - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`min_size\`Optional - *Type:* typing.Union[int, float] - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroup_name\`Optional - *Type:* str - *Default:* resource ID Name of the Nodegroup. --- ##### \`node_role\`Optional - *Type:* aws_cdk.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`release_version\`Optional - *Type:* str - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remote_access\`Optional - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional - *Type:* typing.Mapping[str] - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`cluster\`Required - *Type:* ICluster Cluster resource. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_resource | Check whether the given construct is a Resource. | | from_nodegroup_name | Import the Nodegroup from attributes. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.Nodegroup.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.Nodegroup.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`from_nodegroup_name\` \`\`\`python from aws_cdk import aws_eks aws_eks.Nodegroup.from_nodegroup_name( scope: Construct, id: str, nodegroup_name: str ) \`\`\` Import the Nodegroup from attributes. ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* str --- ###### \`nodegroup_name\`Required - *Type:* str --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws_cdk.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.Stack | The stack in which this resource is defined. | | cluster | ICluster | the Amazon EKS cluster resource. | | nodegroup_arn | str | ARN of the nodegroup. | | nodegroup_name | str | Nodegroup name. | | role | aws_cdk.aws_iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this resource is defined. --- ##### \`cluster\`Required \`\`\`python cluster: ICluster \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`nodegroup_arn\`Required \`\`\`python nodegroup_arn: str \`\`\` - *Type:* str ARN of the nodegroup. --- ##### \`nodegroup_name\`Required \`\`\`python nodegroup_name: str \`\`\` - *Type:* str Nodegroup name. --- ##### \`role\`Required \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.OpenIdConnectProvider( scope: Construct, id: str, url: str ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | The definition scope. | | id | str | Construct ID. | | url | str | The URL of the identity provider. | --- ##### \`scope\`Required - *Type:* constructs.Construct The definition scope. --- ##### \`id\`Required - *Type:* str Construct ID. --- ##### \`url\`Required - *Type:* str The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | apply_removal_policy | Apply the given removal policy to this resource. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`apply_removal_policy\` \`\`\`python def apply_removal_policy( policy: RemovalPolicy ) -> None \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws_cdk.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | | is_resource | Check whether the given construct is a Resource. | | from_open_id_connect_provider_arn | Imports an Open ID connect provider from an ARN. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.OpenIdConnectProvider.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- ##### \`is_resource\` \`\`\`python from aws_cdk import aws_eks aws_eks.OpenIdConnectProvider.is_resource( construct: IConstruct ) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`from_open_id_connect_provider_arn\` \`\`\`python from aws_cdk import aws_eks aws_eks.OpenIdConnectProvider.from_open_id_connect_provider_arn( scope: Construct, id: str, open_id_connect_provider_arn: str ) \`\`\` Imports an Open ID connect provider from an ARN. ###### \`scope\`Required - *Type:* constructs.Construct The definition scope. --- ###### \`id\`Required - *Type:* str ID of the construct. --- ###### \`open_id_connect_provider_arn\`Required - *Type:* str the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws_cdk.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.Stack | The stack in which this resource is defined. | | open_id_connect_provider_arn | str | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | open_id_connect_provider_issuer | str | The issuer for OIDC Provider. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this resource is defined. --- ##### \`open_id_connect_provider_arn\`Required \`\`\`python open_id_connect_provider_arn: str \`\`\` - *Type:* str The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`open_id_connect_provider_issuer\`Required \`\`\`python open_id_connect_provider_issuer: str \`\`\` - *Type:* str The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* aws_cdk.aws_iam.IPrincipal Service Account. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.ServiceAccount( scope: Construct, id: str, name: str = None, namespace: str = None, cluster: ICluster ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | str | *No description.* | | name | str | The name of the service account. | | namespace | str | The namespace of the service account. | | cluster | ICluster | The cluster to apply the patch to. | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* str --- ##### \`name\`Optional - *Type:* str - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional - *Type:* str - *Default:* "default" The namespace of the service account. --- ##### \`cluster\`Required - *Type:* ICluster The cluster to apply the patch to. --- #### Methods | **Name** | **Description** | | --- | --- | | to_string | Returns a string representation of this construct. | | add_to_principal_policy | Add to the policy of this principal. | --- ##### \`to_string\` \`\`\`python def to_string() -> str \`\`\` Returns a string representation of this construct. ##### \`add_to_principal_policy\` \`\`\`python def add_to_principal_policy( statement: PolicyStatement ) -> AddToPrincipalPolicyResult \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* aws_cdk.aws_iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | is_construct | Checks if \`x\` is a construct. | --- ##### ~~\`is_construct\`~~ \`\`\`python from aws_cdk import aws_eks aws_eks.ServiceAccount.is_construct( x: typing.Any ) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* typing.Any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | assume_role_action | str | When this Principal is used in an AssumeRole policy, the action to use. | | grant_principal | aws_cdk.aws_iam.IPrincipal | The principal to grant permissions to. | | policy_fragment | aws_cdk.aws_iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | role | aws_cdk.aws_iam.IRole | The role which is linked to the service account. | | service_account_name | str | The name of the service account. | | service_account_namespace | str | The namespace where the service account is located in. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`assume_role_action\`Required \`\`\`python assume_role_action: str \`\`\` - *Type:* str When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`grant_principal\`Required \`\`\`python grant_principal: IPrincipal \`\`\` - *Type:* aws_cdk.aws_iam.IPrincipal The principal to grant permissions to. --- ##### \`policy_fragment\`Required \`\`\`python policy_fragment: PrincipalPolicyFragment \`\`\` - *Type:* aws_cdk.aws_iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`role\`Required \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole The role which is linked to the service account. --- ##### \`service_account_name\`Required \`\`\`python service_account_name: str \`\`\` - *Type:* str The name of the service account. --- ##### \`service_account_namespace\`Required \`\`\`python service_account_namespace: str \`\`\` - *Type:* str The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.AutoScalingGroupCapacityOptions( allow_all_outbound: bool = None, associate_public_ip_address: bool = None, auto_scaling_group_name: str = None, block_devices: typing.List[BlockDevice] = None, cooldown: Duration = None, desired_capacity: typing.Union[int, float] = None, group_metrics: typing.List[GroupMetrics] = None, health_check: HealthCheck = None, ignore_unmodified_size_properties: bool = None, instance_monitoring: Monitoring = None, key_name: str = None, max_capacity: typing.Union[int, float] = None, max_instance_lifetime: Duration = None, min_capacity: typing.Union[int, float] = None, new_instances_protected_from_scale_in: bool = None, notifications: typing.List[NotificationConfiguration] = None, signals: Signals = None, spot_price: str = None, update_policy: UpdatePolicy = None, vpc_subnets: SubnetSelection = None, instance_type: InstanceType, bootstrap_enabled: bool = None, bootstrap_options: BootstrapOptions = None, machine_image_type: MachineImageType = None, map_role: bool = None, spot_interrupt_handler: bool = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | allow_all_outbound | bool | Whether the instances can initiate connections to anywhere by default. | | associate_public_ip_address | bool | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | auto_scaling_group_name | str | The name of the Auto Scaling group. | | block_devices | typing.List[aws_cdk.aws_autoscaling.BlockDevice] | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | cooldown | aws_cdk.Duration | Default scaling cooldown for this AutoScalingGroup. | | desired_capacity | typing.Union[int, float] | Initial amount of instances in the fleet. | | group_metrics | typing.List[aws_cdk.aws_autoscaling.GroupMetrics] | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | health_check | aws_cdk.aws_autoscaling.HealthCheck | Configuration for health checks. | | ignore_unmodified_size_properties | bool | If the ASG has scheduled actions, don't reset unchanged group sizes. | | instance_monitoring | aws_cdk.aws_autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | key_name | str | Name of SSH keypair to grant access to instances. | | max_capacity | typing.Union[int, float] | Maximum number of instances in the fleet. | | max_instance_lifetime | aws_cdk.Duration | The maximum amount of time that an instance can be in service. | | min_capacity | typing.Union[int, float] | Minimum number of instances in the fleet. | | new_instances_protected_from_scale_in | bool | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | notifications | typing.List[aws_cdk.aws_autoscaling.NotificationConfiguration] | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | signals | aws_cdk.aws_autoscaling.Signals | Configure waiting for signals during deployment. | | spot_price | str | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | update_policy | aws_cdk.aws_autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | vpc_subnets | aws_cdk.aws_ec2.SubnetSelection | Where to place instances within the VPC. | | instance_type | aws_cdk.aws_ec2.InstanceType | Instance type of the instances to start. | | bootstrap_enabled | bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrap_options | BootstrapOptions | EKS node bootstrapping options. | | machine_image_type | MachineImageType | Machine image type. | | map_role | bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spot_interrupt_handler | bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`allow_all_outbound\`Optional \`\`\`python allow_all_outbound: bool \`\`\` - *Type:* bool - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`associate_public_ip_address\`Optional \`\`\`python associate_public_ip_address: bool \`\`\` - *Type:* bool - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`auto_scaling_group_name\`Optional \`\`\`python auto_scaling_group_name: str \`\`\` - *Type:* str - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`block_devices\`Optional \`\`\`python block_devices: typing.List[BlockDevice] \`\`\` - *Type:* typing.List[aws_cdk.aws_autoscaling.BlockDevice] - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`cooldown\`Optional \`\`\`python cooldown: Duration \`\`\` - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`desired_capacity\`Optional \`\`\`python desired_capacity: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`group_metrics\`Optional \`\`\`python group_metrics: typing.List[GroupMetrics] \`\`\` - *Type:* typing.List[aws_cdk.aws_autoscaling.GroupMetrics] - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`health_check\`Optional \`\`\`python health_check: HealthCheck \`\`\` - *Type:* aws_cdk.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`ignore_unmodified_size_properties\`Optional \`\`\`python ignore_unmodified_size_properties: bool \`\`\` - *Type:* bool - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`instance_monitoring\`Optional \`\`\`python instance_monitoring: Monitoring \`\`\` - *Type:* aws_cdk.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`key_name\`Optional \`\`\`python key_name: str \`\`\` - *Type:* str - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`max_capacity\`Optional \`\`\`python max_capacity: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`max_instance_lifetime\`Optional \`\`\`python max_instance_lifetime: Duration \`\`\` - *Type:* aws_cdk.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`min_capacity\`Optional \`\`\`python min_capacity: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`new_instances_protected_from_scale_in\`Optional \`\`\`python new_instances_protected_from_scale_in: bool \`\`\` - *Type:* bool - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`notifications\`Optional \`\`\`python notifications: typing.List[NotificationConfiguration] \`\`\` - *Type:* typing.List[aws_cdk.aws_autoscaling.NotificationConfiguration] - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### \`signals\`Optional \`\`\`python signals: Signals \`\`\` - *Type:* aws_cdk.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`spot_price\`Optional \`\`\`python spot_price: str \`\`\` - *Type:* str - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`update_policy\`Optional \`\`\`python update_policy: UpdatePolicy \`\`\` - *Type:* aws_cdk.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`vpc_subnets\`Optional \`\`\`python vpc_subnets: SubnetSelection \`\`\` - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`instance_type\`Required \`\`\`python instance_type: InstanceType \`\`\` - *Type:* aws_cdk.aws_ec2.InstanceType Instance type of the instances to start. --- ##### \`bootstrap_enabled\`Optional \`\`\`python bootstrap_enabled: bool \`\`\` - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrap_options\`Optional \`\`\`python bootstrap_options: BootstrapOptions \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`machine_image_type\`Optional \`\`\`python machine_image_type: MachineImageType \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`map_role\`Optional \`\`\`python map_role: bool \`\`\` - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spot_interrupt_handler\`Optional \`\`\`python spot_interrupt_handler: bool \`\`\` - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.AutoScalingGroupOptions( bootstrap_enabled: bool = None, bootstrap_options: BootstrapOptions = None, machine_image_type: MachineImageType = None, map_role: bool = None, spot_interrupt_handler: bool = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | bootstrap_enabled | bool | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrap_options | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | machine_image_type | MachineImageType | Allow options to specify different machine image type. | | map_role | bool | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spot_interrupt_handler | bool | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`bootstrap_enabled\`Optional \`\`\`python bootstrap_enabled: bool \`\`\` - *Type:* bool - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrap_options\`Optional \`\`\`python bootstrap_options: BootstrapOptions \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`machine_image_type\`Optional \`\`\`python machine_image_type: MachineImageType \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`map_role\`Optional \`\`\`python map_role: bool \`\`\` - *Type:* bool - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spot_interrupt_handler\`Optional \`\`\`python spot_interrupt_handler: bool \`\`\` - *Type:* bool - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.AwsAuthMapping( groups: typing.List[str], username: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | groups | typing.List[str] | A list of groups within Kubernetes to which the role is mapped. | | username | str | The user name within Kubernetes to map to the IAM role. | --- ##### \`groups\`Required \`\`\`python groups: typing.List[str] \`\`\` - *Type:* typing.List[str] A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`username\`Optional \`\`\`python username: str \`\`\` - *Type:* str - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.AwsAuthProps( cluster: Cluster ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`cluster\`Required \`\`\`python cluster: Cluster \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.BootstrapOptions( additional_args: str = None, aws_api_retry_attempts: typing.Union[int, float] = None, dns_cluster_ip: str = None, docker_config_json: str = None, enable_docker_bridge: bool = None, kubelet_extra_args: str = None, use_max_pods: bool = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | additional_args | str | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | aws_api_retry_attempts | typing.Union[int, float] | Number of retry attempts for AWS API call (DescribeCluster). | | dns_cluster_ip | str | Overrides the IP address to use for DNS queries within the cluster. | | docker_config_json | str | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | enable_docker_bridge | bool | Restores the docker default bridge network. | | kubelet_extra_args | str | Extra arguments to add to the kubelet. | | use_max_pods | bool | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`additional_args\`Optional \`\`\`python additional_args: str \`\`\` - *Type:* str - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`aws_api_retry_attempts\`Optional \`\`\`python aws_api_retry_attempts: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`dns_cluster_ip\`Optional \`\`\`python dns_cluster_ip: str \`\`\` - *Type:* str - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`docker_config_json\`Optional \`\`\`python docker_config_json: str \`\`\` - *Type:* str - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`enable_docker_bridge\`Optional \`\`\`python enable_docker_bridge: bool \`\`\` - *Type:* bool - *Default:* false Restores the docker default bridge network. --- ##### \`kubelet_extra_args\`Optional \`\`\`python kubelet_extra_args: str \`\`\` - *Type:* str - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`python # Example automatically generated from non-compiling source. May contain errors. --node - labelsfoo = bar , goo = far \`\`\` ##### \`use_max_pods\`Optional \`\`\`python use_max_pods: bool \`\`\` - *Type:* bool - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnAddonProps( addon_name: str, cluster_name: str, addon_version: str = None, resolve_conflicts: str = None, service_account_role_arn: str = None, tags: typing.List[CfnTag] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | addon_name | str | \`AWS::EKS::Addon.AddonName\`. | | cluster_name | str | \`AWS::EKS::Addon.ClusterName\`. | | addon_version | str | \`AWS::EKS::Addon.AddonVersion\`. | | resolve_conflicts | str | \`AWS::EKS::Addon.ResolveConflicts\`. | | service_account_role_arn | str | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | tags | typing.List[aws_cdk.CfnTag] | \`AWS::EKS::Addon.Tags\`. | --- ##### \`addon_name\`Required \`\`\`python addon_name: str \`\`\` - *Type:* str \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addon_version\`Optional \`\`\`python addon_version: str \`\`\` - *Type:* str \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolve_conflicts\`Optional \`\`\`python resolve_conflicts: str \`\`\` - *Type:* str \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`service_account_role_arn\`Optional \`\`\`python service_account_role_arn: str \`\`\` - *Type:* str \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`tags\`Optional \`\`\`python tags: typing.List[CfnTag] \`\`\` - *Type:* typing.List[aws_cdk.CfnTag] \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnClusterProps( resources_vpc_config: typing.Union[ResourcesVpcConfigProperty, IResolvable], role_arn: str, encryption_config: typing.Union[IResolvable, typing.List[typing.Union[EncryptionConfigProperty, IResolvable]]] = None, kubernetes_network_config: typing.Union[KubernetesNetworkConfigProperty, IResolvable] = None, name: str = None, version: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | resources_vpc_config | typing.Union[ResourcesVpcConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | role_arn | str | \`AWS::EKS::Cluster.RoleArn\`. | | encryption_config | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[EncryptionConfigProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetes_network_config | typing.Union[KubernetesNetworkConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | str | \`AWS::EKS::Cluster.Name\`. | | version | str | \`AWS::EKS::Cluster.Version\`. | --- ##### \`resources_vpc_config\`Required \`\`\`python resources_vpc_config: typing.Union[ResourcesVpcConfigProperty, IResolvable] \`\`\` - *Type:* typing.Union[ResourcesVpcConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`role_arn\`Required \`\`\`python role_arn: str \`\`\` - *Type:* str \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryption_config\`Optional \`\`\`python encryption_config: typing.Union[IResolvable, typing.List[typing.Union[EncryptionConfigProperty, IResolvable]]] \`\`\` - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[EncryptionConfigProperty, aws_cdk.IResolvable]]] \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetes_network_config\`Optional \`\`\`python kubernetes_network_config: typing.Union[KubernetesNetworkConfigProperty, IResolvable] \`\`\` - *Type:* typing.Union[KubernetesNetworkConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`python name: str \`\`\` - *Type:* str \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnFargateProfileProps( cluster_name: str, pod_execution_role_arn: str, selectors: typing.Union[IResolvable, typing.List[typing.Union[SelectorProperty, IResolvable]]], fargate_profile_name: str = None, subnets: typing.List[str] = None, tags: typing.List[CfnTag] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster_name | str | \`AWS::EKS::FargateProfile.ClusterName\`. | | pod_execution_role_arn | str | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[SelectorProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::FargateProfile.Selectors\`. | | fargate_profile_name | str | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | typing.List[str] | \`AWS::EKS::FargateProfile.Subnets\`. | | tags | typing.List[aws_cdk.CfnTag] | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`pod_execution_role_arn\`Required \`\`\`python pod_execution_role_arn: str \`\`\` - *Type:* str \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`python selectors: typing.Union[IResolvable, typing.List[typing.Union[SelectorProperty, IResolvable]]] \`\`\` - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[SelectorProperty, aws_cdk.IResolvable]]] \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargate_profile_name\`Optional \`\`\`python fargate_profile_name: str \`\`\` - *Type:* str \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`python subnets: typing.List[str] \`\`\` - *Type:* typing.List[str] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`tags\`Optional \`\`\`python tags: typing.List[CfnTag] \`\`\` - *Type:* typing.List[aws_cdk.CfnTag] \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroupProps( cluster_name: str, node_role: str, subnets: typing.List[str], ami_type: str = None, capacity_type: str = None, disk_size: typing.Union[int, float] = None, force_update_enabled: typing.Union[bool, IResolvable] = None, instance_types: typing.List[str] = None, labels: typing.Any = None, launch_template: typing.Union[LaunchTemplateSpecificationProperty, IResolvable] = None, nodegroup_name: str = None, release_version: str = None, remote_access: typing.Union[RemoteAccessProperty, IResolvable] = None, scaling_config: typing.Union[ScalingConfigProperty, IResolvable] = None, tags: typing.Any = None, taints: typing.Union[IResolvable, typing.List[typing.Union[TaintProperty, IResolvable]]] = None, version: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster_name | str | \`AWS::EKS::Nodegroup.ClusterName\`. | | node_role | str | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | typing.List[str] | \`AWS::EKS::Nodegroup.Subnets\`. | | ami_type | str | \`AWS::EKS::Nodegroup.AmiType\`. | | capacity_type | str | \`AWS::EKS::Nodegroup.CapacityType\`. | | disk_size | typing.Union[int, float] | \`AWS::EKS::Nodegroup.DiskSize\`. | | force_update_enabled | typing.Union[bool, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instance_types | typing.List[str] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | labels | typing.Any | \`AWS::EKS::Nodegroup.Labels\`. | | launch_template | typing.Union[LaunchTemplateSpecificationProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroup_name | str | \`AWS::EKS::Nodegroup.NodegroupName\`. | | release_version | str | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remote_access | typing.Union[RemoteAccessProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scaling_config | typing.Union[ScalingConfigProperty, aws_cdk.IResolvable] | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | tags | typing.Any | \`AWS::EKS::Nodegroup.Tags\`. | | taints | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[TaintProperty, aws_cdk.IResolvable]]] | \`AWS::EKS::Nodegroup.Taints\`. | | version | str | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`node_role\`Required \`\`\`python node_role: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`python subnets: typing.List[str] \`\`\` - *Type:* typing.List[str] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`ami_type\`Optional \`\`\`python ami_type: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacity_type\`Optional \`\`\`python capacity_type: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`disk_size\`Optional \`\`\`python disk_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`force_update_enabled\`Optional \`\`\`python force_update_enabled: typing.Union[bool, IResolvable] \`\`\` - *Type:* typing.Union[bool, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instance_types\`Optional \`\`\`python instance_types: typing.List[str] \`\`\` - *Type:* typing.List[str] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`python labels: typing.Any \`\`\` - *Type:* typing.Any \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`launch_template\`Optional \`\`\`python launch_template: typing.Union[LaunchTemplateSpecificationProperty, IResolvable] \`\`\` - *Type:* typing.Union[LaunchTemplateSpecificationProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroup_name\`Optional \`\`\`python nodegroup_name: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`release_version\`Optional \`\`\`python release_version: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remote_access\`Optional \`\`\`python remote_access: typing.Union[RemoteAccessProperty, IResolvable] \`\`\` - *Type:* typing.Union[RemoteAccessProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scaling_config\`Optional \`\`\`python scaling_config: typing.Union[ScalingConfigProperty, IResolvable] \`\`\` - *Type:* typing.Union[ScalingConfigProperty, aws_cdk.IResolvable] \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`tags\`Optional \`\`\`python tags: typing.Any \`\`\` - *Type:* typing.Any \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`taints\`Optional \`\`\`python taints: typing.Union[IResolvable, typing.List[typing.Union[TaintProperty, IResolvable]]] \`\`\` - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[TaintProperty, aws_cdk.IResolvable]]] \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.ClusterAttributes( cluster_name: str, cluster_certificate_authority_data: str = None, cluster_encryption_config_key_arn: str = None, cluster_endpoint: str = None, cluster_security_group_id: str = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, kubectl_private_subnet_ids: typing.List[str] = None, kubectl_role_arn: str = None, kubectl_security_group_id: str = None, open_id_connect_provider: IOpenIdConnectProvider = None, prune: bool = None, security_group_ids: typing.List[str] = None, vpc: IVpc = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster_name | str | The physical name of the Cluster. | | cluster_certificate_authority_data | str | The certificate-authority-data for your cluster. | | cluster_encryption_config_key_arn | str | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | cluster_endpoint | str | The API Server endpoint URL. | | cluster_security_group_id | str | The cluster security group that was created by Amazon EKS for the cluster. | | kubectl_environment | typing.Mapping[str] | Environment variables to use when running \`kubectl\` against this cluster. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectl_memory | aws_cdk.Size | Amount of memory to allocate to the provider's lambda function. | | kubectl_private_subnet_ids | typing.List[str] | Subnets to host the \`kubectl\` compute resources. | | kubectl_role_arn | str | An IAM role with cluster administrator and "system:masters" permissions. | | kubectl_security_group_id | str | A security group to use for \`kubectl\` execution. | | open_id_connect_provider | aws_cdk.aws_iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | security_group_ids | typing.List[str] | Additional security groups associated with this cluster. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str The physical name of the Cluster. --- ##### \`cluster_certificate_authority_data\`Optional \`\`\`python cluster_certificate_authority_data: str \`\`\` - *Type:* str - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`cluster_encryption_config_key_arn\`Optional \`\`\`python cluster_encryption_config_key_arn: str \`\`\` - *Type:* str - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`cluster_endpoint\`Optional \`\`\`python cluster_endpoint: str \`\`\` - *Type:* str - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`cluster_security_group_id\`Optional \`\`\`python cluster_security_group_id: str \`\`\` - *Type:* str - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`kubectl_environment\`Optional \`\`\`python kubectl_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`kubectl_layer\`Optional \`\`\`python kubectl_layer: ILayerVersion \`\`\` - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: \`\`\` helm/helm kubectl/kubectl awscli/aws \`\`\` --- ##### \`kubectl_memory\`Optional \`\`\`python kubectl_memory: Size \`\`\` - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectl_private_subnet_ids\`Optional \`\`\`python kubectl_private_subnet_ids: typing.List[str] \`\`\` - *Type:* typing.List[str] - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectl_role_arn\`Optional \`\`\`python kubectl_role_arn: str \`\`\` - *Type:* str - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`kubectl_security_group_id\`Optional \`\`\`python kubectl_security_group_id: str \`\`\` - *Type:* str - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`open_id_connect_provider\`Optional \`\`\`python open_id_connect_provider: IOpenIdConnectProvider \`\`\` - *Type:* aws_cdk.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`prune\`Optional \`\`\`python prune: bool \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`security_group_ids\`Optional \`\`\`python security_group_ids: typing.List[str] \`\`\` - *Type:* typing.List[str] - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`vpc\`Optional \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.ClusterOptions( version: KubernetesVersion, cluster_name: str = None, output_cluster_name: bool = None, output_config_command: bool = None, role: IRole = None, security_group: ISecurityGroup = None, vpc: IVpc = None, vpc_subnets: typing.List[SubnetSelection] = None, cluster_handler_environment: typing.Mapping[str] = None, core_dns_compute_type: CoreDnsComputeType = None, endpoint_access: EndpointAccess = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, masters_role: IRole = None, output_masters_role_arn: bool = None, place_cluster_handler_in_vpc: bool = None, prune: bool = None, secrets_encryption_key: IKey = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | cluster_name | str | Name for the cluster. | | output_cluster_name | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | output_config_command | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws_cdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | security_group | aws_cdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpc_subnets | typing.List[aws_cdk.aws_ec2.SubnetSelection] | Where to place EKS Control Plane ENIs. | | cluster_handler_environment | typing.Mapping[str] | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | core_dns_compute_type | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpoint_access | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectl_environment | typing.Mapping[str] | Environment variables for the kubectl execution. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectl_memory | aws_cdk.Size | Amount of memory to allocate to the provider's lambda function. | | masters_role | aws_cdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | output_masters_role_arn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | place_cluster_handler_in_vpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secrets_encryption_key | aws_cdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`version\`Required \`\`\`python version: KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`cluster_name\`Optional \`\`\`python cluster_name: str \`\`\` - *Type:* str - *Default:* Automatically generated name Name for the cluster. --- ##### \`output_cluster_name\`Optional \`\`\`python output_cluster_name: bool \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`output_config_command\`Optional \`\`\`python output_config_command: bool \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`security_group\`Optional \`\`\`python security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpc_subnets\`Optional \`\`\`python vpc_subnets: typing.List[SubnetSelection] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.SubnetSelection] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`cluster_handler_environment\`Optional \`\`\`python cluster_handler_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`core_dns_compute_type\`Optional \`\`\`python core_dns_compute_type: CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpoint_access\`Optional \`\`\`python endpoint_access: EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectl_environment\`Optional \`\`\`python kubectl_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectl_layer\`Optional \`\`\`python kubectl_layer: ILayerVersion \`\`\` - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. layer = lambda_.LayerVersion(self, "kubectl-layer", code=lambda_.Code.from_asset(f"{__dirname}/layer.zip") )# compatible_runtimes: [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectl_memory\`Optional \`\`\`python kubectl_memory: Size \`\`\` - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`masters_role\`Optional \`\`\`python masters_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`output_masters_role_arn\`Optional \`\`\`python output_masters_role_arn: bool \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`place_cluster_handler_in_vpc\`Optional \`\`\`python place_cluster_handler_in_vpc: bool \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`python prune: bool \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secrets_encryption_key\`Optional \`\`\`python secrets_encryption_key: IKey \`\`\` - *Type:* aws_cdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.ClusterProps( version: KubernetesVersion, cluster_name: str = None, output_cluster_name: bool = None, output_config_command: bool = None, role: IRole = None, security_group: ISecurityGroup = None, vpc: IVpc = None, vpc_subnets: typing.List[SubnetSelection] = None, cluster_handler_environment: typing.Mapping[str] = None, core_dns_compute_type: CoreDnsComputeType = None, endpoint_access: EndpointAccess = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, masters_role: IRole = None, output_masters_role_arn: bool = None, place_cluster_handler_in_vpc: bool = None, prune: bool = None, secrets_encryption_key: IKey = None, default_capacity: typing.Union[int, float] = None, default_capacity_instance: InstanceType = None, default_capacity_type: DefaultCapacityType = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | cluster_name | str | Name for the cluster. | | output_cluster_name | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | output_config_command | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws_cdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | security_group | aws_cdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpc_subnets | typing.List[aws_cdk.aws_ec2.SubnetSelection] | Where to place EKS Control Plane ENIs. | | cluster_handler_environment | typing.Mapping[str] | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | core_dns_compute_type | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpoint_access | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectl_environment | typing.Mapping[str] | Environment variables for the kubectl execution. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectl_memory | aws_cdk.Size | Amount of memory to allocate to the provider's lambda function. | | masters_role | aws_cdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | output_masters_role_arn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | place_cluster_handler_in_vpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secrets_encryption_key | aws_cdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | default_capacity | typing.Union[int, float] | Number of instances to allocate as an initial capacity for this cluster. | | default_capacity_instance | aws_cdk.aws_ec2.InstanceType | The instance type to use for the default capacity. | | default_capacity_type | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`version\`Required \`\`\`python version: KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`cluster_name\`Optional \`\`\`python cluster_name: str \`\`\` - *Type:* str - *Default:* Automatically generated name Name for the cluster. --- ##### \`output_cluster_name\`Optional \`\`\`python output_cluster_name: bool \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`output_config_command\`Optional \`\`\`python output_config_command: bool \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`security_group\`Optional \`\`\`python security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpc_subnets\`Optional \`\`\`python vpc_subnets: typing.List[SubnetSelection] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.SubnetSelection] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`cluster_handler_environment\`Optional \`\`\`python cluster_handler_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`core_dns_compute_type\`Optional \`\`\`python core_dns_compute_type: CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpoint_access\`Optional \`\`\`python endpoint_access: EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectl_environment\`Optional \`\`\`python kubectl_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectl_layer\`Optional \`\`\`python kubectl_layer: ILayerVersion \`\`\` - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. layer = lambda_.LayerVersion(self, "kubectl-layer", code=lambda_.Code.from_asset(f"{__dirname}/layer.zip") )# compatible_runtimes: [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectl_memory\`Optional \`\`\`python kubectl_memory: Size \`\`\` - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`masters_role\`Optional \`\`\`python masters_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`output_masters_role_arn\`Optional \`\`\`python output_masters_role_arn: bool \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`place_cluster_handler_in_vpc\`Optional \`\`\`python place_cluster_handler_in_vpc: bool \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`python prune: bool \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secrets_encryption_key\`Optional \`\`\`python secrets_encryption_key: IKey \`\`\` - *Type:* aws_cdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`default_capacity\`Optional \`\`\`python default_capacity: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`default_capacity_instance\`Optional \`\`\`python default_capacity_instance: InstanceType \`\`\` - *Type:* aws_cdk.aws_ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`default_capacity_type\`Optional \`\`\`python default_capacity_type: DefaultCapacityType \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CommonClusterOptions( version: KubernetesVersion, cluster_name: str = None, output_cluster_name: bool = None, output_config_command: bool = None, role: IRole = None, security_group: ISecurityGroup = None, vpc: IVpc = None, vpc_subnets: typing.List[SubnetSelection] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | cluster_name | str | Name for the cluster. | | output_cluster_name | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | output_config_command | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws_cdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | security_group | aws_cdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpc_subnets | typing.List[aws_cdk.aws_ec2.SubnetSelection] | Where to place EKS Control Plane ENIs. | --- ##### \`version\`Required \`\`\`python version: KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`cluster_name\`Optional \`\`\`python cluster_name: str \`\`\` - *Type:* str - *Default:* Automatically generated name Name for the cluster. --- ##### \`output_cluster_name\`Optional \`\`\`python output_cluster_name: bool \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`output_config_command\`Optional \`\`\`python output_config_command: bool \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`security_group\`Optional \`\`\`python security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpc_subnets\`Optional \`\`\`python vpc_subnets: typing.List[SubnetSelection] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.SubnetSelection] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.EksOptimizedImageProps( cpu_arch: CpuArch = None, kubernetes_version: str = None, node_type: NodeType = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cpu_arch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | kubernetes_version | str | The Kubernetes version to use. | | node_type | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`cpu_arch\`Optional \`\`\`python cpu_arch: CpuArch \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`kubernetes_version\`Optional \`\`\`python kubernetes_version: str \`\`\` - *Type:* str - *Default:* The latest version The Kubernetes version to use. --- ##### \`node_type\`Optional \`\`\`python node_type: NodeType \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster.EncryptionConfigProperty( provider: typing.Union[ProviderProperty, IResolvable] = None, resources: typing.List[str] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | provider | typing.Union[ProviderProperty, aws_cdk.IResolvable] | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | resources | typing.List[str] | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`provider\`Optional \`\`\`python provider: typing.Union[ProviderProperty, IResolvable] \`\`\` - *Type:* typing.Union[ProviderProperty, aws_cdk.IResolvable] \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`resources\`Optional \`\`\`python resources: typing.List[str] \`\`\` - *Type:* typing.List[str] \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.FargateClusterProps( version: KubernetesVersion, cluster_name: str = None, output_cluster_name: bool = None, output_config_command: bool = None, role: IRole = None, security_group: ISecurityGroup = None, vpc: IVpc = None, vpc_subnets: typing.List[SubnetSelection] = None, cluster_handler_environment: typing.Mapping[str] = None, core_dns_compute_type: CoreDnsComputeType = None, endpoint_access: EndpointAccess = None, kubectl_environment: typing.Mapping[str] = None, kubectl_layer: ILayerVersion = None, kubectl_memory: Size = None, masters_role: IRole = None, output_masters_role_arn: bool = None, place_cluster_handler_in_vpc: bool = None, prune: bool = None, secrets_encryption_key: IKey = None, default_profile: FargateProfileOptions = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | cluster_name | str | Name for the cluster. | | output_cluster_name | bool | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | output_config_command | bool | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws_cdk.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | security_group | aws_cdk.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpc_subnets | typing.List[aws_cdk.aws_ec2.SubnetSelection] | Where to place EKS Control Plane ENIs. | | cluster_handler_environment | typing.Mapping[str] | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | core_dns_compute_type | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpoint_access | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectl_environment | typing.Mapping[str] | Environment variables for the kubectl execution. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectl_memory | aws_cdk.Size | Amount of memory to allocate to the provider's lambda function. | | masters_role | aws_cdk.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | output_masters_role_arn | bool | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | place_cluster_handler_in_vpc | bool | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | bool | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secrets_encryption_key | aws_cdk.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | default_profile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`version\`Required \`\`\`python version: KubernetesVersion \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`cluster_name\`Optional \`\`\`python cluster_name: str \`\`\` - *Type:* str - *Default:* Automatically generated name Name for the cluster. --- ##### \`output_cluster_name\`Optional \`\`\`python output_cluster_name: bool \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`output_config_command\`Optional \`\`\`python output_config_command: bool \`\`\` - *Type:* bool - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`python role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`security_group\`Optional \`\`\`python security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpc_subnets\`Optional \`\`\`python vpc_subnets: typing.List[SubnetSelection] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.SubnetSelection] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`cluster_handler_environment\`Optional \`\`\`python cluster_handler_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`core_dns_compute_type\`Optional \`\`\`python core_dns_compute_type: CoreDnsComputeType \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpoint_access\`Optional \`\`\`python endpoint_access: EndpointAccess \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectl_environment\`Optional \`\`\`python kubectl_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectl_layer\`Optional \`\`\`python kubectl_layer: ILayerVersion \`\`\` - *Type:* aws_cdk.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`python # Example automatically generated from non-compiling source. May contain errors. layer = lambda_.LayerVersion(self, "kubectl-layer", code=lambda_.Code.from_asset(f"{__dirname}/layer.zip") )# compatible_runtimes: [lambda.Runtime.PROVIDED] \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectl_memory\`Optional \`\`\`python kubectl_memory: Size \`\`\` - *Type:* aws_cdk.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`masters_role\`Optional \`\`\`python masters_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`output_masters_role_arn\`Optional \`\`\`python output_masters_role_arn: bool \`\`\` - *Type:* bool - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`place_cluster_handler_in_vpc\`Optional \`\`\`python place_cluster_handler_in_vpc: bool \`\`\` - *Type:* bool - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`python prune: bool \`\`\` - *Type:* bool - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secrets_encryption_key\`Optional \`\`\`python secrets_encryption_key: IKey \`\`\` - *Type:* aws_cdk.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`default_profile\`Optional \`\`\`python default_profile: FargateProfileOptions \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.FargateProfileOptions( selectors: typing.List[Selector], fargate_profile_name: str = None, pod_execution_role: IRole = None, subnet_selection: SubnetSelection = None, vpc: IVpc = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | typing.List[Selector] | The selectors to match for pods to use this Fargate profile. | | fargate_profile_name | str | The name of the Fargate profile. | | pod_execution_role | aws_cdk.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnet_selection | aws_cdk.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`selectors\`Required \`\`\`python selectors: typing.List[Selector] \`\`\` - *Type:* typing.List[Selector] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargate_profile_name\`Optional \`\`\`python fargate_profile_name: str \`\`\` - *Type:* str - *Default:* generated The name of the Fargate profile. --- ##### \`pod_execution_role\`Optional \`\`\`python pod_execution_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnet_selection\`Optional \`\`\`python subnet_selection: SubnetSelection \`\`\` - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.FargateProfileProps( selectors: typing.List[Selector], fargate_profile_name: str = None, pod_execution_role: IRole = None, subnet_selection: SubnetSelection = None, vpc: IVpc = None, cluster: Cluster ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | typing.List[Selector] | The selectors to match for pods to use this Fargate profile. | | fargate_profile_name | str | The name of the Fargate profile. | | pod_execution_role | aws_cdk.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnet_selection | aws_cdk.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`selectors\`Required \`\`\`python selectors: typing.List[Selector] \`\`\` - *Type:* typing.List[Selector] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargate_profile_name\`Optional \`\`\`python fargate_profile_name: str \`\`\` - *Type:* str - *Default:* generated The name of the Fargate profile. --- ##### \`pod_execution_role\`Optional \`\`\`python pod_execution_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnet_selection\`Optional \`\`\`python subnet_selection: SubnetSelection \`\`\` - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`cluster\`Required \`\`\`python cluster: Cluster \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.HelmChartOptions( chart: str, create_namespace: bool = None, namespace: str = None, release: str = None, repository: str = None, timeout: Duration = None, values: typing.Mapping[typing.Any] = None, version: str = None, wait: bool = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | str | The name of the chart. | | create_namespace | bool | create namespace if not exist. | | namespace | str | The Kubernetes namespace scope of the requests. | | release | str | The name of the release. | | repository | str | The repository which contains the chart. | | timeout | aws_cdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | typing.Mapping[typing.Any] | The values to be used by the chart. | | version | str | The chart version to install. | | wait | bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`chart\`Required \`\`\`python chart: str \`\`\` - *Type:* str The name of the chart. --- ##### \`create_namespace\`Optional \`\`\`python create_namespace: bool \`\`\` - *Type:* bool - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`python namespace: str \`\`\` - *Type:* str - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`python release: str \`\`\` - *Type:* str - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`python repository: str \`\`\` - *Type:* str - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`python timeout: Duration \`\`\` - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`python values: typing.Mapping[typing.Any] \`\`\` - *Type:* typing.Mapping[typing.Any] - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`python wait: bool \`\`\` - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.HelmChartProps( chart: str, create_namespace: bool = None, namespace: str = None, release: str = None, repository: str = None, timeout: Duration = None, values: typing.Mapping[typing.Any] = None, version: str = None, wait: bool = None, cluster: ICluster ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | str | The name of the chart. | | create_namespace | bool | create namespace if not exist. | | namespace | str | The Kubernetes namespace scope of the requests. | | release | str | The name of the release. | | repository | str | The repository which contains the chart. | | timeout | aws_cdk.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | typing.Mapping[typing.Any] | The values to be used by the chart. | | version | str | The chart version to install. | | wait | bool | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`chart\`Required \`\`\`python chart: str \`\`\` - *Type:* str The name of the chart. --- ##### \`create_namespace\`Optional \`\`\`python create_namespace: bool \`\`\` - *Type:* bool - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`python namespace: str \`\`\` - *Type:* str - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`python release: str \`\`\` - *Type:* str - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`python repository: str \`\`\` - *Type:* str - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`python timeout: Duration \`\`\` - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`python values: typing.Mapping[typing.Any] \`\`\` - *Type:* typing.Mapping[typing.Any] - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`python wait: bool \`\`\` - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`cluster\`Required \`\`\`python cluster: ICluster \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesManifestOptions( prune: bool = None, skip_validation: bool = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skip_validation | bool | A flag to signify if the manifest validation should be skipped. | --- ##### \`prune\`Optional \`\`\`python prune: bool \`\`\` - *Type:* bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skip_validation\`Optional \`\`\`python skip_validation: bool \`\`\` - *Type:* bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesManifestProps( prune: bool = None, skip_validation: bool = None, cluster: ICluster, manifest: typing.List[typing.Mapping[typing.Any]], overwrite: bool = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | bool | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skip_validation | bool | A flag to signify if the manifest validation should be skipped. | | cluster | ICluster | The EKS cluster to apply this manifest to. | | manifest | typing.List[typing.Mapping[typing.Any]] | The manifest to apply. | | overwrite | bool | Overwrite any existing resources. | --- ##### \`prune\`Optional \`\`\`python prune: bool \`\`\` - *Type:* bool - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skip_validation\`Optional \`\`\`python skip_validation: bool \`\`\` - *Type:* bool - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`cluster\`Required \`\`\`python cluster: ICluster \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`manifest\`Required \`\`\`python manifest: typing.List[typing.Mapping[typing.Any]] \`\`\` - *Type:* typing.List[typing.Mapping[typing.Any]] The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`python [{ "api_version": "v1", "kind": "Pod", "metadata": {"name": "mypod"}, "spec": { "containers": [{"name": "hello", "image": "paulbouwer/hello-kubernetes:1.5", "ports": [{"container_port": 8080}]}] } }] \`\`\` ##### \`overwrite\`Optional \`\`\`python overwrite: bool \`\`\` - *Type:* bool - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster.KubernetesNetworkConfigProperty( service_ipv4_cidr: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | service_ipv4_cidr | str | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`service_ipv4_cidr\`Optional \`\`\`python service_ipv4_cidr: str \`\`\` - *Type:* str \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesObjectValueProps( cluster: ICluster, json_path: str, object_name: str, object_type: str, object_namespace: str = None, timeout: Duration = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | ICluster | The EKS cluster to fetch attributes from. | | json_path | str | JSONPath to the specific value. | | object_name | str | The name of the object to query. | | object_type | str | The object type to query. | | object_namespace | str | The namespace the object belongs to. | | timeout | aws_cdk.Duration | Timeout for waiting on a value. | --- ##### \`cluster\`Required \`\`\`python cluster: ICluster \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`json_path\`Required \`\`\`python json_path: str \`\`\` - *Type:* str JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`object_name\`Required \`\`\`python object_name: str \`\`\` - *Type:* str The name of the object to query. --- ##### \`object_type\`Required \`\`\`python object_type: str \`\`\` - *Type:* str The object type to query. (e.g 'service', 'pod'...) --- ##### \`object_namespace\`Optional \`\`\`python object_namespace: str \`\`\` - *Type:* str - *Default:* 'default' The namespace the object belongs to. --- ##### \`timeout\`Optional \`\`\`python timeout: Duration \`\`\` - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesPatchProps( apply_patch: typing.Mapping[typing.Any], cluster: ICluster, resource_name: str, restore_patch: typing.Mapping[typing.Any], patch_type: PatchType = None, resource_namespace: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | apply_patch | typing.Mapping[typing.Any] | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | cluster | ICluster | The cluster to apply the patch to. | | resource_name | str | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | restore_patch | typing.Mapping[typing.Any] | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | patch_type | PatchType | The patch type to pass to \`kubectl patch\`. | | resource_namespace | str | The kubernetes API namespace. | --- ##### \`apply_patch\`Required \`\`\`python apply_patch: typing.Mapping[typing.Any] \`\`\` - *Type:* typing.Mapping[typing.Any] The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`cluster\`Required \`\`\`python cluster: ICluster \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`resource_name\`Required \`\`\`python resource_name: str \`\`\` - *Type:* str The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`restore_patch\`Required \`\`\`python restore_patch: typing.Mapping[typing.Any] \`\`\` - *Type:* typing.Mapping[typing.Any] The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`patch_type\`Optional \`\`\`python patch_type: PatchType \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`resource_namespace\`Optional \`\`\`python resource_namespace: str \`\`\` - *Type:* str - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnFargateProfile.LabelProperty( key: str, value: str ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | key | str | \`CfnFargateProfile.LabelProperty.Key\`. | | value | str | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`key\`Required \`\`\`python key: str \`\`\` - *Type:* str \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`value\`Required \`\`\`python value: str \`\`\` - *Type:* str \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.LaunchTemplateSpec( id: str, version: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | str | The Launch template ID. | | version | str | The launch template version to be used (optional). | --- ##### \`id\`Required \`\`\`python id: str \`\`\` - *Type:* str The Launch template ID. --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup.LaunchTemplateSpecificationProperty( id: str = None, name: str = None, version: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | str | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | name | str | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | version | str | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`id\`Optional \`\`\`python id: str \`\`\` - *Type:* str \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`name\`Optional \`\`\`python name: str \`\`\` - *Type:* str \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`version\`Optional \`\`\`python version: str \`\`\` - *Type:* str \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.NodegroupOptions( ami_type: NodegroupAmiType = None, capacity_type: CapacityType = None, desired_size: typing.Union[int, float] = None, disk_size: typing.Union[int, float] = None, force_update: bool = None, instance_types: typing.List[InstanceType] = None, labels: typing.Mapping[str] = None, launch_template_spec: LaunchTemplateSpec = None, max_size: typing.Union[int, float] = None, min_size: typing.Union[int, float] = None, nodegroup_name: str = None, node_role: IRole = None, release_version: str = None, remote_access: NodegroupRemoteAccess = None, subnets: SubnetSelection = None, tags: typing.Mapping[str] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ami_type | NodegroupAmiType | The AMI type for your node group. | | capacity_type | CapacityType | The capacity type of the nodegroup. | | desired_size | typing.Union[int, float] | The current number of worker nodes that the managed node group should maintain. | | disk_size | typing.Union[int, float] | The root device disk size (in GiB) for your node group instances. | | force_update | bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instance_types | typing.List[aws_cdk.aws_ec2.InstanceType] | The instance types to use for your node group. | | labels | typing.Mapping[str] | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launch_template_spec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | max_size | typing.Union[int, float] | The maximum number of worker nodes that the managed node group can scale out to. | | min_size | typing.Union[int, float] | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroup_name | str | Name of the Nodegroup. | | node_role | aws_cdk.aws_iam.IRole | The IAM role to associate with your node group. | | release_version | str | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remote_access | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | aws_cdk.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | typing.Mapping[str] | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`ami_type\`Optional \`\`\`python ami_type: NodegroupAmiType \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacity_type\`Optional \`\`\`python capacity_type: CapacityType \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desired_size\`Optional \`\`\`python desired_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`disk_size\`Optional \`\`\`python disk_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`force_update\`Optional \`\`\`python force_update: bool \`\`\` - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instance_types\`Optional \`\`\`python instance_types: typing.List[InstanceType] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.InstanceType] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`python labels: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launch_template_spec\`Optional \`\`\`python launch_template_spec: LaunchTemplateSpec \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`max_size\`Optional \`\`\`python max_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`min_size\`Optional \`\`\`python min_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroup_name\`Optional \`\`\`python nodegroup_name: str \`\`\` - *Type:* str - *Default:* resource ID Name of the Nodegroup. --- ##### \`node_role\`Optional \`\`\`python node_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`release_version\`Optional \`\`\`python release_version: str \`\`\` - *Type:* str - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remote_access\`Optional \`\`\`python remote_access: NodegroupRemoteAccess \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`python subnets: SubnetSelection \`\`\` - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`python tags: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.NodegroupProps( ami_type: NodegroupAmiType = None, capacity_type: CapacityType = None, desired_size: typing.Union[int, float] = None, disk_size: typing.Union[int, float] = None, force_update: bool = None, instance_types: typing.List[InstanceType] = None, labels: typing.Mapping[str] = None, launch_template_spec: LaunchTemplateSpec = None, max_size: typing.Union[int, float] = None, min_size: typing.Union[int, float] = None, nodegroup_name: str = None, node_role: IRole = None, release_version: str = None, remote_access: NodegroupRemoteAccess = None, subnets: SubnetSelection = None, tags: typing.Mapping[str] = None, cluster: ICluster ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ami_type | NodegroupAmiType | The AMI type for your node group. | | capacity_type | CapacityType | The capacity type of the nodegroup. | | desired_size | typing.Union[int, float] | The current number of worker nodes that the managed node group should maintain. | | disk_size | typing.Union[int, float] | The root device disk size (in GiB) for your node group instances. | | force_update | bool | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instance_types | typing.List[aws_cdk.aws_ec2.InstanceType] | The instance types to use for your node group. | | labels | typing.Mapping[str] | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launch_template_spec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | max_size | typing.Union[int, float] | The maximum number of worker nodes that the managed node group can scale out to. | | min_size | typing.Union[int, float] | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroup_name | str | Name of the Nodegroup. | | node_role | aws_cdk.aws_iam.IRole | The IAM role to associate with your node group. | | release_version | str | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remote_access | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | aws_cdk.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | typing.Mapping[str] | The metadata to apply to the node group to assist with categorization and organization. | | cluster | ICluster | Cluster resource. | --- ##### \`ami_type\`Optional \`\`\`python ami_type: NodegroupAmiType \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacity_type\`Optional \`\`\`python capacity_type: CapacityType \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desired_size\`Optional \`\`\`python desired_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`disk_size\`Optional \`\`\`python disk_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`force_update\`Optional \`\`\`python force_update: bool \`\`\` - *Type:* bool - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instance_types\`Optional \`\`\`python instance_types: typing.List[InstanceType] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.InstanceType] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`python labels: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launch_template_spec\`Optional \`\`\`python launch_template_spec: LaunchTemplateSpec \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`max_size\`Optional \`\`\`python max_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`min_size\`Optional \`\`\`python min_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroup_name\`Optional \`\`\`python nodegroup_name: str \`\`\` - *Type:* str - *Default:* resource ID Name of the Nodegroup. --- ##### \`node_role\`Optional \`\`\`python node_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`release_version\`Optional \`\`\`python release_version: str \`\`\` - *Type:* str - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remote_access\`Optional \`\`\`python remote_access: NodegroupRemoteAccess \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`python subnets: SubnetSelection \`\`\` - *Type:* aws_cdk.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`python tags: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`cluster\`Required \`\`\`python cluster: ICluster \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.NodegroupRemoteAccess( ssh_key_name: str, source_security_groups: typing.List[ISecurityGroup] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ssh_key_name | str | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | source_security_groups | typing.List[aws_cdk.aws_ec2.ISecurityGroup] | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`ssh_key_name\`Required \`\`\`python ssh_key_name: str \`\`\` - *Type:* str The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`source_security_groups\`Optional \`\`\`python source_security_groups: typing.List[ISecurityGroup] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.ISecurityGroup] - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.OpenIdConnectProviderProps( url: str ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | url | str | The URL of the identity provider. | --- ##### \`url\`Required \`\`\`python url: str \`\`\` - *Type:* str The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster.ProviderProperty( key_arn: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | key_arn | str | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`key_arn\`Optional \`\`\`python key_arn: str \`\`\` - *Type:* str \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup.RemoteAccessProperty( ec2_ssh_key: str, source_security_groups: typing.List[str] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ec2_ssh_key | str | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | source_security_groups | typing.List[str] | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`ec2_ssh_key\`Required \`\`\`python ec2_ssh_key: str \`\`\` - *Type:* str \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`source_security_groups\`Optional \`\`\`python source_security_groups: typing.List[str] \`\`\` - *Type:* typing.List[str] \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnCluster.ResourcesVpcConfigProperty( subnet_ids: typing.List[str], security_group_ids: typing.List[str] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | subnet_ids | typing.List[str] | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | security_group_ids | typing.List[str] | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`subnet_ids\`Required \`\`\`python subnet_ids: typing.List[str] \`\`\` - *Type:* typing.List[str] \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`security_group_ids\`Optional \`\`\`python security_group_ids: typing.List[str] \`\`\` - *Type:* typing.List[str] \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup.ScalingConfigProperty( desired_size: typing.Union[int, float] = None, max_size: typing.Union[int, float] = None, min_size: typing.Union[int, float] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | desired_size | typing.Union[int, float] | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | max_size | typing.Union[int, float] | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | min_size | typing.Union[int, float] | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`desired_size\`Optional \`\`\`python desired_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`max_size\`Optional \`\`\`python max_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`min_size\`Optional \`\`\`python min_size: typing.Union[int, float] \`\`\` - *Type:* typing.Union[int, float] \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.Selector( namespace: str, labels: typing.Mapping[str] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | str | The Kubernetes namespace that the selector should match. | | labels | typing.Mapping[str] | The Kubernetes labels that the selector should match. | --- ##### \`namespace\`Required \`\`\`python namespace: str \`\`\` - *Type:* str The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`labels\`Optional \`\`\`python labels: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnFargateProfile.SelectorProperty( namespace: str, labels: typing.Union[IResolvable, typing.List[typing.Union[LabelProperty, IResolvable]]] = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | str | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | labels | typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[LabelProperty, aws_cdk.IResolvable]]] | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`namespace\`Required \`\`\`python namespace: str \`\`\` - *Type:* str \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`labels\`Optional \`\`\`python labels: typing.Union[IResolvable, typing.List[typing.Union[LabelProperty, IResolvable]]] \`\`\` - *Type:* typing.Union[aws_cdk.IResolvable, typing.List[typing.Union[LabelProperty, aws_cdk.IResolvable]]] \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.ServiceAccountOptions( name: str = None, namespace: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | str | The name of the service account. | | namespace | str | The namespace of the service account. | --- ##### \`name\`Optional \`\`\`python name: str \`\`\` - *Type:* str - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`python namespace: str \`\`\` - *Type:* str - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.ServiceAccountProps( name: str = None, namespace: str = None, cluster: ICluster ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | str | The name of the service account. | | namespace | str | The namespace of the service account. | | cluster | ICluster | The cluster to apply the patch to. | --- ##### \`name\`Optional \`\`\`python name: str \`\`\` - *Type:* str - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`python namespace: str \`\`\` - *Type:* str - *Default:* "default" The namespace of the service account. --- ##### \`cluster\`Required \`\`\`python cluster: ICluster \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.ServiceLoadBalancerAddressOptions( namespace: str = None, timeout: Duration = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | str | The namespace the service belongs to. | | timeout | aws_cdk.Duration | Timeout for waiting on the load balancer address. | --- ##### \`namespace\`Optional \`\`\`python namespace: str \`\`\` - *Type:* str - *Default:* 'default' The namespace the service belongs to. --- ##### \`timeout\`Optional \`\`\`python timeout: Duration \`\`\` - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`python from aws_cdk import aws_eks aws_eks.CfnNodegroup.TaintProperty( effect: str = None, key: str = None, value: str = None ) \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | effect | str | \`CfnNodegroup.TaintProperty.Effect\`. | | key | str | \`CfnNodegroup.TaintProperty.Key\`. | | value | str | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`effect\`Optional \`\`\`python effect: str \`\`\` - *Type:* str \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`key\`Optional \`\`\`python key: str \`\`\` - *Type:* str \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`value\`Optional \`\`\`python value: str \`\`\` - *Type:* str \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* aws_cdk.aws_ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`python from aws_cdk import aws_eks aws_eks.EksOptimizedImage( cpu_arch: CpuArch = None, kubernetes_version: str = None, node_type: NodeType = None ) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | cpu_arch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | kubernetes_version | str | The Kubernetes version to use. | | node_type | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`cpu_arch\`Optional - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`kubernetes_version\`Optional - *Type:* str - *Default:* The latest version The Kubernetes version to use. --- ##### \`node_type\`Optional - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- #### Methods | **Name** | **Description** | | --- | --- | | get_image | Return the correct image. | --- ##### \`get_image\` \`\`\`python def get_image( scope: Construct ) -> MachineImageConfig \`\`\` Return the correct image. ###### \`scope\`Required - *Type:* constructs.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | only_from | Restrict public access to specific CIDR blocks. | --- ##### \`only_from\` \`\`\`python def only_from( cidr: str ) -> EndpointAccess \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`cidr\`Required - *Type:* str CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | PRIVATE | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | PUBLIC | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PUBLIC_AND_PRIVATE | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`PRIVATE\`Required \`\`\`python PRIVATE: EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`PUBLIC\`Required \`\`\`python PUBLIC: EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PUBLIC_AND_PRIVATE\`Required \`\`\`python PUBLIC_AND_PRIVATE: EndpointAccess \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | of | Custom cluster version. | --- ##### \`of\` \`\`\`python from aws_cdk import aws_eks aws_eks.KubernetesVersion.of( version: str ) \`\`\` Custom cluster version. ###### \`version\`Required - *Type:* str custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | str | cluster version number. | --- ##### \`version\`Required \`\`\`python version: str \`\`\` - *Type:* str cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V1_14 | KubernetesVersion | Kubernetes version 1.14. | | V1_15 | KubernetesVersion | Kubernetes version 1.15. | | V1_16 | KubernetesVersion | Kubernetes version 1.16. | | V1_17 | KubernetesVersion | Kubernetes version 1.17. | | V1_18 | KubernetesVersion | Kubernetes version 1.18. | | V1_19 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V1_14\`Required \`\`\`python V1_14: KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V1_15\`Required \`\`\`python V1_15: KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V1_16\`Required \`\`\`python V1_16: KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V1_17\`Required \`\`\`python V1_17: KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V1_18\`Required \`\`\`python V1_18: KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V1_19\`Required \`\`\`python V1_19: KubernetesVersion \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* aws_cdk.IResource, aws_cdk.aws_ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | add_cdk8s_chart | Defines a CDK8s chart in this cluster. | | add_helm_chart | Defines a Helm chart in this cluster. | | add_manifest | Defines a Kubernetes resource in this cluster. | | add_service_account | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`add_cdk8s_chart\` \`\`\`python def add_cdk8s_chart( id: str, chart: Construct ) -> KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* str logical id of this chart. --- ###### \`chart\`Required - *Type:* constructs.Construct the cdk8s chart. --- ##### \`add_helm_chart\` \`\`\`python def add_helm_chart( id: str, chart: str, create_namespace: bool = None, namespace: str = None, release: str = None, repository: str = None, timeout: Duration = None, values: typing.Mapping[typing.Any] = None, version: str = None, wait: bool = None ) -> HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* str logical id of this chart. --- ###### \`chart\`Required - *Type:* str The name of the chart. --- ###### \`create_namespace\`Optional - *Type:* bool - *Default:* true create namespace if not exist. --- ###### \`namespace\`Optional - *Type:* str - *Default:* default The Kubernetes namespace scope of the requests. --- ###### \`release\`Optional - *Type:* str - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ###### \`repository\`Optional - *Type:* str - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ###### \`timeout\`Optional - *Type:* aws_cdk.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ###### \`values\`Optional - *Type:* typing.Mapping[typing.Any] - *Default:* No values are provided to the chart. The values to be used by the chart. --- ###### \`version\`Optional - *Type:* str - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ###### \`wait\`Optional - *Type:* bool - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`add_manifest\` \`\`\`python def add_manifest( id: str, manifest: typing.Mapping[typing.Any] ) -> KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* str logical id of this manifest. --- ###### \`manifest\`Required - *Type:* typing.Mapping[typing.Any] a list of Kubernetes resource specifications. --- ##### \`add_service_account\` \`\`\`python def add_service_account( id: str, name: str = None, namespace: str = None ) -> ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* str logical id of service account. --- ###### \`name\`Optional - *Type:* str - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ###### \`namespace\`Optional - *Type:* str - *Default:* "default" The namespace of the service account. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws_cdk.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.Stack | The stack in which this resource is defined. | | connections | aws_cdk.aws_ec2.Connections | *No description.* | | cluster_arn | str | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | cluster_certificate_authority_data | str | The certificate-authority-data for your cluster. | | cluster_encryption_config_key_arn | str | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | cluster_endpoint | str | The API Server endpoint URL. | | cluster_name | str | The physical name of the Cluster. | | cluster_security_group | aws_cdk.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | cluster_security_group_id | str | The id of the cluster security group that was created by Amazon EKS for the cluster. | | open_id_connect_provider | aws_cdk.aws_iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | prune | bool | Indicates whether Kubernetes resources can be automatically pruned. | | vpc | aws_cdk.aws_ec2.IVpc | The VPC in which this Cluster was created. | | kubectl_environment | typing.Mapping[str] | Custom environment variables when running \`kubectl\` against this cluster. | | kubectl_layer | aws_cdk.aws_lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | kubectl_memory | aws_cdk.Size | Amount of memory to allocate to the provider's lambda function. | | kubectl_private_subnets | typing.List[aws_cdk.aws_ec2.ISubnet] | Subnets to host the \`kubectl\` compute resources. | | kubectl_role | aws_cdk.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectl_security_group | aws_cdk.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this resource is defined. --- ##### \`connections\`Required \`\`\`python connections: Connections \`\`\` - *Type:* aws_cdk.aws_ec2.Connections --- ##### \`cluster_arn\`Required \`\`\`python cluster_arn: str \`\`\` - *Type:* str The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`cluster_certificate_authority_data\`Required \`\`\`python cluster_certificate_authority_data: str \`\`\` - *Type:* str The certificate-authority-data for your cluster. --- ##### \`cluster_encryption_config_key_arn\`Required \`\`\`python cluster_encryption_config_key_arn: str \`\`\` - *Type:* str Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`cluster_endpoint\`Required \`\`\`python cluster_endpoint: str \`\`\` - *Type:* str The API Server endpoint URL. --- ##### \`cluster_name\`Required \`\`\`python cluster_name: str \`\`\` - *Type:* str The physical name of the Cluster. --- ##### \`cluster_security_group\`Required \`\`\`python cluster_security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`cluster_security_group_id\`Required \`\`\`python cluster_security_group_id: str \`\`\` - *Type:* str The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`open_id_connect_provider\`Required \`\`\`python open_id_connect_provider: IOpenIdConnectProvider \`\`\` - *Type:* aws_cdk.aws_iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`prune\`Required \`\`\`python prune: bool \`\`\` - *Type:* bool Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`vpc\`Required \`\`\`python vpc: IVpc \`\`\` - *Type:* aws_cdk.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`kubectl_environment\`Optional \`\`\`python kubectl_environment: typing.Mapping[str] \`\`\` - *Type:* typing.Mapping[str] Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectl_layer\`Optional \`\`\`python kubectl_layer: ILayerVersion \`\`\` - *Type:* aws_cdk.aws_lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`kubectl_memory\`Optional \`\`\`python kubectl_memory: Size \`\`\` - *Type:* aws_cdk.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectl_private_subnets\`Optional \`\`\`python kubectl_private_subnets: typing.List[ISubnet] \`\`\` - *Type:* typing.List[aws_cdk.aws_ec2.ISubnet] Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectl_role\`Optional \`\`\`python kubectl_role: IRole \`\`\` - *Type:* aws_cdk.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectl_security_group\`Optional \`\`\`python kubectl_security_group: ISecurityGroup \`\`\` - *Type:* aws_cdk.aws_ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* aws_cdk.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws_cdk.ResourceEnvironment | The environment this resource belongs to. | | stack | aws_cdk.Stack | The stack in which this resource is defined. | | nodegroup_name | str | Name of the nodegroup. | --- ##### \`node\`Required \`\`\`python node: Node \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`python env: ResourceEnvironment \`\`\` - *Type:* aws_cdk.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`python stack: Stack \`\`\` - *Type:* aws_cdk.Stack The stack in which this resource is defined. --- ##### \`nodegroup_name\`Required \`\`\`python nodegroup_name: str \`\`\` - *Type:* str Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | SPOT | spot instances. | | ON_DEMAND | on-demand instances. | --- ##### \`SPOT\` spot instances. --- ##### \`ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | EC2 | Deploy CoreDNS on EC2 instances. | | FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | ARM_64 | arm64 CPU type. | | X86_64 | x86_64 CPU type. | --- ##### \`ARM_64\` arm64 CPU type. --- ##### \`X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | NODEGROUP | managed node group. | | EC2 | EC2 autoscaling group. | --- ##### \`NODEGROUP\` managed node group. --- ##### \`EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | AL2_X86_64 | Amazon Linux 2 (x86-64). | | AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | STANDARD | Standard instances. | | GPU | GPU instances. | | INFERENTIA | Inferentia instances. | --- ##### \`STANDARD\` Standard instances. --- ##### \`GPU\` GPU instances. --- ##### \`INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | JSON | JSON Patch, RFC 6902. | | MERGE | JSON Merge patch. | | STRATEGIC | Strategic merge patch. | --- ##### \`JSON\` JSON Patch, RFC 6902. --- ##### \`MERGE\` JSON Merge patch. --- ##### \`STRATEGIC\` Strategic merge patch. --- " `; exports[`typescript for package 1`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`ts const repository = new ecr.Repository(this, 'Repository'); \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`ts const repository = new ecr.Repository(stack, 'Repo', { imageScanOnPush: true }); \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`ts repository.onImageScanCompleted('ImageScanComplete') .addTarget(...) \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`ts import * as iam from '@aws-cdk/aws-iam'; import * as ecr from '@aws-cdk/aws-ecr'; const user = new iam.User(this, 'User', { ... }); ecr.AuthorizationToken.grantRead(user); \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`ts import * as iam from '@aws-cdk/aws-iam'; import * as ecr from '@aws-cdk/aws-ecr'; const user = new iam.User(this, 'User', { ... }); ecr.PublicGalleryAuthorizationToken.grantRead(user); \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`ts new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE }); \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`ts repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 }); repository.addLifecycleRule({ maxImageAge: cdk.Duration.days(30) }); \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' new CfnPublicRepository(scope: Construct, id: string, props?: CfnPublicRepositoryProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnPublicRepositoryProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Optional - *Type:* CfnPublicRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' CfnPublicRepository.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' CfnPublicRepository.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' CfnPublicRepository.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | tags | @aws-cdk/core.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | repositoryCatalogData | any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryPolicyText | any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | repositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* @aws-cdk/core.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`repositoryCatalogData\`Required \`\`\`typescript public readonly repositoryCatalogData: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryPolicyText\`Required \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' new CfnRegistryPolicy(scope: Construct, id: string, props: CfnRegistryPolicyProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnRegistryPolicyProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnRegistryPolicyProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' CfnRegistryPolicy.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' CfnRegistryPolicy.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' CfnRegistryPolicy.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrRegistryId | string | *No description.* | | policyText | any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`typescript public readonly attrRegistryId: string; \`\`\` - *Type:* string --- ##### \`policyText\`Required \`\`\`typescript public readonly policyText: any; \`\`\` - *Type:* any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' new CfnReplicationConfiguration(scope: Construct, id: string, props: CfnReplicationConfigurationProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnReplicationConfigurationProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnReplicationConfigurationProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' CfnReplicationConfiguration.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' CfnReplicationConfiguration.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' CfnReplicationConfiguration.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrRegistryId | string | *No description.* | | replicationConfiguration | @aws-cdk/core.IResolvable \\| ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`typescript public readonly attrRegistryId: string; \`\`\` - *Type:* string --- ##### \`replicationConfiguration\`Required \`\`\`typescript public readonly replicationConfiguration: IResolvable | ReplicationConfigurationProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' new CfnRepository(scope: Construct, id: string, props?: CfnRepositoryProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnRepositoryProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Optional - *Type:* CfnRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' CfnRepository.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' CfnRepository.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' CfnRepository.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | attrRepositoryUri | string | *No description.* | | tags | @aws-cdk/core.TagManager | \`AWS::ECR::Repository.Tags\`. | | encryptionConfiguration | any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | repositoryPolicyText | any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | imageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | @aws-cdk/core.IResolvable \\| LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`attrRepositoryUri\`Required \`\`\`typescript public readonly attrRepositoryUri: string; \`\`\` - *Type:* string --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* @aws-cdk/core.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`encryptionConfiguration\`Required \`\`\`typescript public readonly encryptionConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Required \`\`\`typescript public readonly imageScanningConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`repositoryPolicyText\`Required \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`imageTagMutability\`Optional \`\`\`typescript public readonly imageTagMutability: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`typescript public readonly lifecyclePolicy: IResolvable | LifecyclePolicyProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' new Repository(scope: Construct, id: string, props?: RepositoryProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | RepositoryProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Optional - *Type:* RepositoryProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | addLifecycleRule | Add a life cycle rule to the repository. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* @aws-cdk/core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`typescript public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* @aws-cdk/aws-iam.PolicyStatement --- ##### \`grant\` \`\`\`typescript public grant(grantee: IGrantable, actions: string): Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`actions\`Required - *Type:* string --- ##### \`grantPull\` \`\`\`typescript public grantPull(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`grantPullPush\` \`\`\`typescript public grantPullPush(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`typescript public onCloudTrailEvent(id: string, options?: OnEventOptions): Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`typescript public onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`typescript public onEvent(id: string, options?: OnEventOptions): Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`typescript public onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`typescript public repositoryUriForDigest(digest?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* string Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`typescript public repositoryUriForTag(tag?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* string Optional image tag. --- ##### \`addLifecycleRule\` \`\`\`typescript public addLifecycleRule(rule: LifecycleRule): void \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`rule\`Required - *Type:* LifecycleRule --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | arnForLocalRepository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | fromRepositoryArn | *No description.* | | fromRepositoryAttributes | Import a repository. | | fromRepositoryName | *No description.* | --- ##### \`isConstruct\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isResource\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* @aws-cdk/core.IConstruct --- ##### \`arnForLocalRepository\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.arnForLocalRepository(repositoryName: string, scope: IConstruct, account?: string) \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`repositoryName\`Required - *Type:* string --- ###### \`scope\`Required - *Type:* constructs.IConstruct --- ###### \`account\`Optional - *Type:* string --- ##### \`fromRepositoryArn\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.fromRepositoryArn(scope: Construct, id: string, repositoryArn: string) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`repositoryArn\`Required - *Type:* string --- ##### \`fromRepositoryAttributes\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.fromRepositoryAttributes(scope: Construct, id: string, attrs: RepositoryAttributes) \`\`\` Import a repository. ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`attrs\`Required - *Type:* RepositoryAttributes --- ##### \`fromRepositoryName\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.fromRepositoryName(scope: Construct, id: string, repositoryName: string) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`repositoryName\`Required - *Type:* string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | env | @aws-cdk/core.ResourceEnvironment | The environment this resource belongs to. | | stack | @aws-cdk/core.Stack | The stack in which this resource is defined. | | repositoryArn | string | The ARN of the repository. | | repositoryName | string | The name of the repository. | | repositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* @aws-cdk/core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`typescript public readonly repositoryUri: string; \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`typescript import { RepositoryBase } from '@aws-cdk/aws-ecr' new RepositoryBase(scope: Construct, id: string, props?: ResourceProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | @aws-cdk/core.ResourceProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Optional - *Type:* @aws-cdk/core.ResourceProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* @aws-cdk/core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`typescript public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* @aws-cdk/aws-iam.PolicyStatement --- ##### \`grant\` \`\`\`typescript public grant(grantee: IGrantable, actions: string): Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`actions\`Required - *Type:* string --- ##### \`grantPull\` \`\`\`typescript public grantPull(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`grantPullPush\` \`\`\`typescript public grantPullPush(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`typescript public onCloudTrailEvent(id: string, options?: OnEventOptions): Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`typescript public onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`typescript public onEvent(id: string, options?: OnEventOptions): Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`typescript public onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`typescript public repositoryUriForDigest(digest?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* string Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`typescript public repositoryUriForTag(tag?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* string Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | --- ##### \`isConstruct\` \`\`\`typescript import { RepositoryBase } from '@aws-cdk/aws-ecr' RepositoryBase.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isResource\` \`\`\`typescript import { RepositoryBase } from '@aws-cdk/aws-ecr' RepositoryBase.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* @aws-cdk/core.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | env | @aws-cdk/core.ResourceEnvironment | The environment this resource belongs to. | | stack | @aws-cdk/core.Stack | The stack in which this resource is defined. | | repositoryArn | string | The ARN of the repository. | | repositoryName | string | The name of the repository. | | repositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* @aws-cdk/core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`typescript public readonly repositoryUri: string; \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`typescript import { CfnPublicRepositoryProps } from '@aws-cdk/aws-ecr' const cfnPublicRepositoryProps: CfnPublicRepositoryProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryCatalogData | any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repositoryPolicyText | any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | @aws-cdk/core.CfnTag[] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`repositoryCatalogData\`Optional \`\`\`typescript public readonly repositoryCatalogData: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: CfnTag[]; \`\`\` - *Type:* @aws-cdk/core.CfnTag[] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`typescript import { CfnRegistryPolicyProps } from '@aws-cdk/aws-ecr' const cfnRegistryPolicyProps: CfnRegistryPolicyProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | policyText | any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`policyText\`Required \`\`\`typescript public readonly policyText: any; \`\`\` - *Type:* any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`typescript import { CfnReplicationConfigurationProps } from '@aws-cdk/aws-ecr' const cfnReplicationConfigurationProps: CfnReplicationConfigurationProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | replicationConfiguration | @aws-cdk/core.IResolvable \\| ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`replicationConfiguration\`Required \`\`\`typescript public readonly replicationConfiguration: IResolvable | ReplicationConfigurationProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`typescript import { CfnRepositoryProps } from '@aws-cdk/aws-ecr' const cfnRepositoryProps: CfnRepositoryProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | encryptionConfiguration | any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | imageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | @aws-cdk/core.IResolvable \\| LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | | repositoryPolicyText | any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | @aws-cdk/core.CfnTag[] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`encryptionConfiguration\`Optional \`\`\`typescript public readonly encryptionConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Optional \`\`\`typescript public readonly imageScanningConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`imageTagMutability\`Optional \`\`\`typescript public readonly imageTagMutability: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`typescript public readonly lifecyclePolicy: IResolvable | LifecyclePolicyProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: CfnTag[]; \`\`\` - *Type:* @aws-cdk/core.CfnTag[] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`typescript import { LifecyclePolicyProperty } from '@aws-cdk/aws-ecr' const lifecyclePolicyProperty: LifecyclePolicyProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | lifecyclePolicyText | string | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | registryId | string | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`lifecyclePolicyText\`Optional \`\`\`typescript public readonly lifecyclePolicyText: string; \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`registryId\`Optional \`\`\`typescript public readonly registryId: string; \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`typescript import { LifecycleRule } from '@aws-cdk/aws-ecr' const lifecycleRule: LifecycleRule = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | string | Describes the purpose of the rule. | | maxImageAge | @aws-cdk/core.Duration | The maximum age of images to retain. The value must represent a number of days. | | maxImageCount | number | The maximum number of images to retain. | | rulePriority | number | Controls the order in which rules are evaluated (low to high). | | tagPrefixList | string[] | Select images that have ALL the given prefixes in their tag. | | tagStatus | TagStatus | Select images based on tags. | --- ##### \`description\`Optional \`\`\`typescript public readonly description: string; \`\`\` - *Type:* string - *Default:* No description Describes the purpose of the rule. --- ##### \`maxImageAge\`Optional \`\`\`typescript public readonly maxImageAge: Duration; \`\`\` - *Type:* @aws-cdk/core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`maxImageCount\`Optional \`\`\`typescript public readonly maxImageCount: number; \`\`\` - *Type:* number The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`rulePriority\`Optional \`\`\`typescript public readonly rulePriority: number; \`\`\` - *Type:* number - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`tagPrefixList\`Optional \`\`\`typescript public readonly tagPrefixList: string[]; \`\`\` - *Type:* string[] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`tagStatus\`Optional \`\`\`typescript public readonly tagStatus: TagStatus; \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`typescript import { OnCloudTrailImagePushedOptions } from '@aws-cdk/aws-ecr' const onCloudTrailImagePushedOptions: OnCloudTrailImagePushedOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | string | A description of the rule's purpose. | | eventPattern | @aws-cdk/aws-events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | string | A name for the rule. | | target | @aws-cdk/aws-events.IRuleTarget | The target to register for the event. | | imageTag | string | Only watch changes to this image tag. | --- ##### \`description\`Optional \`\`\`typescript public readonly description: string; \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`typescript public readonly eventPattern: EventPattern; \`\`\` - *Type:* @aws-cdk/aws-events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`typescript public readonly ruleName: string; \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`typescript public readonly target: IRuleTarget; \`\`\` - *Type:* @aws-cdk/aws-events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTag\`Optional \`\`\`typescript public readonly imageTag: string; \`\`\` - *Type:* string - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`typescript import { OnImageScanCompletedOptions } from '@aws-cdk/aws-ecr' const onImageScanCompletedOptions: OnImageScanCompletedOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | string | A description of the rule's purpose. | | eventPattern | @aws-cdk/aws-events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | string | A name for the rule. | | target | @aws-cdk/aws-events.IRuleTarget | The target to register for the event. | | imageTags | string[] | Only watch changes to the image tags spedified. | --- ##### \`description\`Optional \`\`\`typescript public readonly description: string; \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`typescript public readonly eventPattern: EventPattern; \`\`\` - *Type:* @aws-cdk/aws-events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`typescript public readonly ruleName: string; \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`typescript public readonly target: IRuleTarget; \`\`\` - *Type:* @aws-cdk/aws-events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTags\`Optional \`\`\`typescript public readonly imageTags: string[]; \`\`\` - *Type:* string[] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`typescript import { ReplicationConfigurationProperty } from '@aws-cdk/aws-ecr' const replicationConfigurationProperty: ReplicationConfigurationProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | rules | @aws-cdk/core.IResolvable \\| @aws-cdk/core.IResolvable \\| ReplicationRuleProperty[] | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`rules\`Required \`\`\`typescript public readonly rules: IResolvable | IResolvable | ReplicationRuleProperty[]; \`\`\` - *Type:* @aws-cdk/core.IResolvable | @aws-cdk/core.IResolvable | ReplicationRuleProperty[] \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`typescript import { ReplicationDestinationProperty } from '@aws-cdk/aws-ecr' const replicationDestinationProperty: ReplicationDestinationProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | region | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | registryId | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`region\`Required \`\`\`typescript public readonly region: string; \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`registryId\`Required \`\`\`typescript public readonly registryId: string; \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`typescript import { ReplicationRuleProperty } from '@aws-cdk/aws-ecr' const replicationRuleProperty: ReplicationRuleProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | destinations | @aws-cdk/core.IResolvable \\| @aws-cdk/core.IResolvable \\| ReplicationDestinationProperty[] | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`destinations\`Required \`\`\`typescript public readonly destinations: IResolvable | IResolvable | ReplicationDestinationProperty[]; \`\`\` - *Type:* @aws-cdk/core.IResolvable | @aws-cdk/core.IResolvable | ReplicationDestinationProperty[] \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`typescript import { RepositoryAttributes } from '@aws-cdk/aws-ecr' const repositoryAttributes: RepositoryAttributes = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryArn | string | *No description.* | | repositoryName | string | *No description.* | --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string --- ### RepositoryProps #### Initializer \`\`\`typescript import { RepositoryProps } from '@aws-cdk/aws-ecr' const repositoryProps: RepositoryProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | imageScanOnPush | boolean | Enable the scan on push when creating the repository. | | imageTagMutability | TagMutability | The tag mutability setting for the repository. | | lifecycleRegistryId | string | The AWS account ID associated with the registry that contains the repository. | | lifecycleRules | LifecycleRule[] | Life cycle rules to apply to this registry. | | removalPolicy | @aws-cdk/core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repositoryName | string | Name for this repository. | --- ##### \`imageScanOnPush\`Optional \`\`\`typescript public readonly imageScanOnPush: boolean; \`\`\` - *Type:* boolean - *Default:* false Enable the scan on push when creating the repository. --- ##### \`imageTagMutability\`Optional \`\`\`typescript public readonly imageTagMutability: TagMutability; \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycleRegistryId\`Optional \`\`\`typescript public readonly lifecycleRegistryId: string; \`\`\` - *Type:* string - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycleRules\`Optional \`\`\`typescript public readonly lifecycleRules: LifecycleRule[]; \`\`\` - *Type:* LifecycleRule[] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removalPolicy\`Optional \`\`\`typescript public readonly removalPolicy: RemovalPolicy; \`\`\` - *Type:* @aws-cdk/core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`typescript import { AuthorizationToken } from '@aws-cdk/aws-ecr' AuthorizationToken.grantRead(grantee: IGrantable) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`typescript import { PublicGalleryAuthorizationToken } from '@aws-cdk/aws-ecr' PublicGalleryAuthorizationToken.grantRead(grantee: IGrantable) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ## Protocols ### IRepository - *Extends:* @aws-cdk/core.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to pull images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | repositoryUriForDigest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`addToResourcePolicy\` \`\`\`typescript public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* @aws-cdk/aws-iam.PolicyStatement --- ##### \`grant\` \`\`\`typescript public grant(grantee: IGrantable, actions: string): Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`actions\`Required - *Type:* string --- ##### \`grantPull\` \`\`\`typescript public grantPull(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`grantPullPush\` \`\`\`typescript public grantPullPush(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`typescript public onCloudTrailEvent(id: string, options?: OnEventOptions): Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`typescript public onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`typescript public onEvent(id: string, options?: OnEventOptions): Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`typescript public onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`typescript public repositoryUriForDigest(digest?: string): string \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* string Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`repositoryUriForTag\` \`\`\`typescript public repositoryUriForTag(tag?: string): string \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* string Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node for this construct. | | env | @aws-cdk/core.ResourceEnvironment | The environment this resource belongs to. | | stack | @aws-cdk/core.Stack | The stack in which this resource is defined. | | repositoryArn | string | The ARN of the repository. | | repositoryName | string | The name of the repository. | | repositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* @aws-cdk/core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`typescript public readonly repositoryUri: string; \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`typescript snapshot - single module 1`] = ` "# Amazon ECR Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This package contains constructs for working with Amazon Elastic Container Registry. ## Repositories Define a repository by creating a new instance of \`Repository\`. A repository holds multiple verions of a single container image. \`\`\`ts const repository = new ecr.Repository(this, 'Repository'); \`\`\` ## Image scanning Amazon ECR image scanning helps in identifying software vulnerabilities in your container images. You can manually scan container images stored in Amazon ECR, or you can configure your repositories to scan images when you push them to a repository. To create a new repository to scan on push, simply enable \`imageScanOnPush\` in the properties \`\`\`ts const repository = new ecr.Repository(stack, 'Repo', { imageScanOnPush: true }); \`\`\` To create an \`onImageScanCompleted\` event rule and trigger the event target \`\`\`ts repository.onImageScanCompleted('ImageScanComplete') .addTarget(...) \`\`\` ### Authorization Token Besides the Amazon ECR APIs, ECR also allows the Docker CLI or a language-specific Docker library to push and pull images from an ECR repository. However, the Docker CLI does not support native IAM authentication methods and additional steps must be taken so that Amazon ECR can authenticate and authorize Docker push and pull requests. More information can be found at at [Registry Authentication](https://docs.aws.amazon.com/AmazonECR/latest/userguide/Registries.html#registry_auth). A Docker authorization token can be obtained using the \`GetAuthorizationToken\` ECR API. The following code snippets grants an IAM user access to call this API. \`\`\`ts import * as iam from '@aws-cdk/aws-iam'; import * as ecr from '@aws-cdk/aws-ecr'; const user = new iam.User(this, 'User', { ... }); ecr.AuthorizationToken.grantRead(user); \`\`\` If you access images in the [Public ECR Gallery](https://gallery.ecr.aws/) as well, it is recommended you authenticate to the registry to benefit from higher rate and bandwidth limits. > See \`Pricing\` in https://aws.amazon.com/blogs/aws/amazon-ecr-public-a-new-public-container-registry/ and [Service quotas](https://docs.aws.amazon.com/AmazonECR/latest/public/public-service-quotas.html). The following code snippet grants an IAM user access to retrieve an authorization token for the public gallery. \`\`\`ts import * as iam from '@aws-cdk/aws-iam'; import * as ecr from '@aws-cdk/aws-ecr'; const user = new iam.User(this, 'User', { ... }); ecr.PublicGalleryAuthorizationToken.grantRead(user); \`\`\` This user can then proceed to login to the registry using one of the [authentication methods](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth). ### Image tag immutability You can set tag immutability on images in our repository using the \`imageTagMutability\` construct prop. \`\`\`ts new ecr.Repository(stack, 'Repo', { imageTagMutability: ecr.TagMutability.IMMUTABLE }); \`\`\` ## Automatically clean up repositories You can set life cycle rules to automatically clean up old images from your repository. The first life cycle rule that matches an image will be applied against that image. For example, the following deletes images older than 30 days, while keeping all images tagged with prod (note that the order is important here): \`\`\`ts repository.addLifecycleRule({ tagPrefixList: ['prod'], maxImageCount: 9999 }); repository.addLifecycleRule({ maxImageAge: cdk.Duration.days(30) }); \`\`\` # API Reference ## Constructs ### CfnPublicRepository - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializers \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' new CfnPublicRepository(scope: Construct, id: string, props?: CfnPublicRepositoryProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnPublicRepositoryProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Optional - *Type:* CfnPublicRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' CfnPublicRepository.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' CfnPublicRepository.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnPublicRepository } from '@aws-cdk/aws-ecr' CfnPublicRepository.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | tags | @aws-cdk/core.TagManager | \`AWS::ECR::PublicRepository.Tags\`. | | repositoryCatalogData | any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryPolicyText | any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | repositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* @aws-cdk/core.TagManager \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ##### \`repositoryCatalogData\`Required \`\`\`typescript public readonly repositoryCatalogData: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryPolicyText\`Required \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRegistryPolicy - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializers \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' new CfnRegistryPolicy(scope: Construct, id: string, props: CfnRegistryPolicyProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnRegistryPolicyProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnRegistryPolicyProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' CfnRegistryPolicy.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' CfnRegistryPolicy.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnRegistryPolicy } from '@aws-cdk/aws-ecr' CfnRegistryPolicy.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrRegistryId | string | *No description.* | | policyText | any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`typescript public readonly attrRegistryId: string; \`\`\` - *Type:* string --- ##### \`policyText\`Required \`\`\`typescript public readonly policyText: any; \`\`\` - *Type:* any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnReplicationConfiguration - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializers \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' new CfnReplicationConfiguration(scope: Construct, id: string, props: CfnReplicationConfigurationProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnReplicationConfigurationProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnReplicationConfigurationProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' CfnReplicationConfiguration.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' CfnReplicationConfiguration.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnReplicationConfiguration } from '@aws-cdk/aws-ecr' CfnReplicationConfiguration.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrRegistryId | string | *No description.* | | replicationConfiguration | @aws-cdk/core.IResolvable \\| ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrRegistryId\`Required \`\`\`typescript public readonly attrRegistryId: string; \`\`\` - *Type:* string --- ##### \`replicationConfiguration\`Required \`\`\`typescript public readonly replicationConfiguration: IResolvable | ReplicationConfigurationProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnRepository - *Implements:* @aws-cdk/core.IInspectable A CloudFormation \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializers \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' new CfnRepository(scope: Construct, id: string, props?: CfnRepositoryProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | @aws-cdk/core.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnRepositoryProps | - resource properties. | --- ##### \`scope\`Required - *Type:* @aws-cdk/core.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Optional - *Type:* CfnRepositoryProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* @aws-cdk/core.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* @aws-cdk/core.RemovalPolicy --- ###### \`options\`Optional - *Type:* @aws-cdk/core.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* @aws-cdk/core.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### \`isConstruct\` \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' CfnRepository.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isCfnElement\` \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' CfnRepository.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { CfnRepository } from '@aws-cdk/aws-ecr' CfnRepository.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | @aws-cdk/core.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | @aws-cdk/core.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | attrRepositoryUri | string | *No description.* | | tags | @aws-cdk/core.TagManager | \`AWS::ECR::Repository.Tags\`. | | encryptionConfiguration | any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | repositoryPolicyText | any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | imageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | @aws-cdk/core.IResolvable \\| LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* @aws-cdk/core.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`attrRepositoryUri\`Required \`\`\`typescript public readonly attrRepositoryUri: string; \`\`\` - *Type:* string --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* @aws-cdk/core.TagManager \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ##### \`encryptionConfiguration\`Required \`\`\`typescript public readonly encryptionConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Required \`\`\`typescript public readonly imageScanningConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`repositoryPolicyText\`Required \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`imageTagMutability\`Optional \`\`\`typescript public readonly imageTagMutability: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`typescript public readonly lifecyclePolicy: IResolvable | LifecyclePolicyProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### Repository Define an ECR repository. #### Initializers \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' new Repository(scope: Construct, id: string, props?: RepositoryProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | RepositoryProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Optional - *Type:* RepositoryProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | addLifecycleRule | Add a life cycle rule to the repository. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* @aws-cdk/core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`typescript public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* @aws-cdk/aws-iam.PolicyStatement --- ##### \`grant\` \`\`\`typescript public grant(grantee: IGrantable, actions: string): Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`actions\`Required - *Type:* string --- ##### \`grantPull\` \`\`\`typescript public grantPull(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`grantPullPush\` \`\`\`typescript public grantPullPush(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`typescript public onCloudTrailEvent(id: string, options?: OnEventOptions): Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`typescript public onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`typescript public onEvent(id: string, options?: OnEventOptions): Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`typescript public onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`typescript public repositoryUriForDigest(digest?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* string Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`typescript public repositoryUriForTag(tag?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* string Optional image tag. --- ##### \`addLifecycleRule\` \`\`\`typescript public addLifecycleRule(rule: LifecycleRule): void \`\`\` Add a life cycle rule to the repository. Life cycle rules automatically expire images from the repository that match certain conditions. ###### \`rule\`Required - *Type:* LifecycleRule --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | | arnForLocalRepository | Returns an ECR ARN for a repository that resides in the same account/region as the current stack. | | fromRepositoryArn | *No description.* | | fromRepositoryAttributes | Import a repository. | | fromRepositoryName | *No description.* | --- ##### \`isConstruct\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isResource\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* @aws-cdk/core.IConstruct --- ##### \`arnForLocalRepository\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.arnForLocalRepository(repositoryName: string, scope: IConstruct, account?: string) \`\`\` Returns an ECR ARN for a repository that resides in the same account/region as the current stack. ###### \`repositoryName\`Required - *Type:* string --- ###### \`scope\`Required - *Type:* constructs.IConstruct --- ###### \`account\`Optional - *Type:* string --- ##### \`fromRepositoryArn\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.fromRepositoryArn(scope: Construct, id: string, repositoryArn: string) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`repositoryArn\`Required - *Type:* string --- ##### \`fromRepositoryAttributes\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.fromRepositoryAttributes(scope: Construct, id: string, attrs: RepositoryAttributes) \`\`\` Import a repository. ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`attrs\`Required - *Type:* RepositoryAttributes --- ##### \`fromRepositoryName\` \`\`\`typescript import { Repository } from '@aws-cdk/aws-ecr' Repository.fromRepositoryName(scope: Construct, id: string, repositoryName: string) \`\`\` ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`repositoryName\`Required - *Type:* string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | env | @aws-cdk/core.ResourceEnvironment | The environment this resource belongs to. | | stack | @aws-cdk/core.Stack | The stack in which this resource is defined. | | repositoryArn | string | The ARN of the repository. | | repositoryName | string | The name of the repository. | | repositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* @aws-cdk/core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`typescript public readonly repositoryUri: string; \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ### RepositoryBase - *Implements:* IRepository Base class for ECR repository. Reused between imported repositories and owned repositories. #### Initializers \`\`\`typescript import { RepositoryBase } from '@aws-cdk/aws-ecr' new RepositoryBase(scope: Construct, id: string, props?: ResourceProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | @aws-cdk/core.ResourceProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Optional - *Type:* @aws-cdk/core.ResourceProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to use the images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. | | repositoryUriForDigest | Returns the URL of the repository. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URL of the repository. Can be used in \`docker push/pull\`. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* @aws-cdk/core.RemovalPolicy --- ##### \`addToResourcePolicy\` \`\`\`typescript public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* @aws-cdk/aws-iam.PolicyStatement --- ##### \`grant\` \`\`\`typescript public grant(grantee: IGrantable, actions: string): Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`actions\`Required - *Type:* string --- ##### \`grantPull\` \`\`\`typescript public grantPull(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to use the images in this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`grantPullPush\` \`\`\`typescript public grantPullPush(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`typescript public onCloudTrailEvent(id: string, options?: OnEventOptions): Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`typescript public onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`typescript public onEvent(id: string, options?: OnEventOptions): Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`typescript public onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image scan is completed. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`typescript public repositoryUriForDigest(digest?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* string Optional image digest. --- ##### \`repositoryUriForTag\` \`\`\`typescript public repositoryUriForTag(tag?: string): string \`\`\` Returns the URL of the repository. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* string Optional image tag. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Return whether the given object is a Construct. | | isResource | Check whether the given construct is a Resource. | --- ##### \`isConstruct\` \`\`\`typescript import { RepositoryBase } from '@aws-cdk/aws-ecr' RepositoryBase.isConstruct(x: any) \`\`\` Return whether the given object is a Construct. ###### \`x\`Required - *Type:* any --- ##### \`isResource\` \`\`\`typescript import { RepositoryBase } from '@aws-cdk/aws-ecr' RepositoryBase.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* @aws-cdk/core.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node associated with this construct. | | env | @aws-cdk/core.ResourceEnvironment | The environment this resource belongs to. | | stack | @aws-cdk/core.Stack | The stack in which this resource is defined. | | repositoryArn | string | The ARN of the repository. | | repositoryName | string | The name of the repository. | | repositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node associated with this construct. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* @aws-cdk/core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`typescript public readonly repositoryUri: string; \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Structs ### CfnPublicRepositoryProps Properties for defining a \`AWS::ECR::PublicRepository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html) #### Initializer \`\`\`typescript import { CfnPublicRepositoryProps } from '@aws-cdk/aws-ecr' const cfnPublicRepositoryProps: CfnPublicRepositoryProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryCatalogData | any | \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. | | repositoryName | string | \`AWS::ECR::PublicRepository.RepositoryName\`. | | repositoryPolicyText | any | \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. | | tags | @aws-cdk/core.CfnTag[] | \`AWS::ECR::PublicRepository.Tags\`. | --- ##### \`repositoryCatalogData\`Optional \`\`\`typescript public readonly repositoryCatalogData: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryCatalogData\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorycatalogdata) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::PublicRepository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::PublicRepository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: CfnTag[]; \`\`\` - *Type:* @aws-cdk/core.CfnTag[] \`AWS::ECR::PublicRepository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-publicrepository.html#cfn-ecr-publicrepository-tags) --- ### CfnRegistryPolicyProps Properties for defining a \`AWS::ECR::RegistryPolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html) #### Initializer \`\`\`typescript import { CfnRegistryPolicyProps } from '@aws-cdk/aws-ecr' const cfnRegistryPolicyProps: CfnRegistryPolicyProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | policyText | any | \`AWS::ECR::RegistryPolicy.PolicyText\`. | --- ##### \`policyText\`Required \`\`\`typescript public readonly policyText: any; \`\`\` - *Type:* any \`AWS::ECR::RegistryPolicy.PolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-registrypolicy.html#cfn-ecr-registrypolicy-policytext) --- ### CfnReplicationConfigurationProps Properties for defining a \`AWS::ECR::ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html) #### Initializer \`\`\`typescript import { CfnReplicationConfigurationProps } from '@aws-cdk/aws-ecr' const cfnReplicationConfigurationProps: CfnReplicationConfigurationProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | replicationConfiguration | @aws-cdk/core.IResolvable \\| ReplicationConfigurationProperty | \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. | --- ##### \`replicationConfiguration\`Required \`\`\`typescript public readonly replicationConfiguration: IResolvable | ReplicationConfigurationProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | ReplicationConfigurationProperty \`AWS::ECR::ReplicationConfiguration.ReplicationConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration) --- ### CfnRepositoryProps Properties for defining a \`AWS::ECR::Repository\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html) #### Initializer \`\`\`typescript import { CfnRepositoryProps } from '@aws-cdk/aws-ecr' const cfnRepositoryProps: CfnRepositoryProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | encryptionConfiguration | any | \`AWS::ECR::Repository.EncryptionConfiguration\`. | | imageScanningConfiguration | any | \`AWS::ECR::Repository.ImageScanningConfiguration\`. | | imageTagMutability | string | \`AWS::ECR::Repository.ImageTagMutability\`. | | lifecyclePolicy | @aws-cdk/core.IResolvable \\| LifecyclePolicyProperty | \`AWS::ECR::Repository.LifecyclePolicy\`. | | repositoryName | string | \`AWS::ECR::Repository.RepositoryName\`. | | repositoryPolicyText | any | \`AWS::ECR::Repository.RepositoryPolicyText\`. | | tags | @aws-cdk/core.CfnTag[] | \`AWS::ECR::Repository.Tags\`. | --- ##### \`encryptionConfiguration\`Optional \`\`\`typescript public readonly encryptionConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.EncryptionConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-encryptionconfiguration) --- ##### \`imageScanningConfiguration\`Optional \`\`\`typescript public readonly imageScanningConfiguration: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.ImageScanningConfiguration\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagescanningconfiguration) --- ##### \`imageTagMutability\`Optional \`\`\`typescript public readonly imageTagMutability: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.ImageTagMutability\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-imagetagmutability) --- ##### \`lifecyclePolicy\`Optional \`\`\`typescript public readonly lifecyclePolicy: IResolvable | LifecyclePolicyProperty; \`\`\` - *Type:* @aws-cdk/core.IResolvable | LifecyclePolicyProperty \`AWS::ECR::Repository.LifecyclePolicy\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-lifecyclepolicy) --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string \`AWS::ECR::Repository.RepositoryName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositoryname) --- ##### \`repositoryPolicyText\`Optional \`\`\`typescript public readonly repositoryPolicyText: any; \`\`\` - *Type:* any \`AWS::ECR::Repository.RepositoryPolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-repositorypolicytext) --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: CfnTag[]; \`\`\` - *Type:* @aws-cdk/core.CfnTag[] \`AWS::ECR::Repository.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecr-repository.html#cfn-ecr-repository-tags) --- ### LifecyclePolicyProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html) #### Initializer \`\`\`typescript import { LifecyclePolicyProperty } from '@aws-cdk/aws-ecr' const lifecyclePolicyProperty: LifecyclePolicyProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | lifecyclePolicyText | string | \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. | | registryId | string | \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. | --- ##### \`lifecyclePolicyText\`Optional \`\`\`typescript public readonly lifecyclePolicyText: string; \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.LifecyclePolicyText\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-lifecyclepolicytext) --- ##### \`registryId\`Optional \`\`\`typescript public readonly registryId: string; \`\`\` - *Type:* string \`CfnRepository.LifecyclePolicyProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-repository-lifecyclepolicy.html#cfn-ecr-repository-lifecyclepolicy-registryid) --- ### LifecycleRule An ECR life cycle rule. #### Initializer \`\`\`typescript import { LifecycleRule } from '@aws-cdk/aws-ecr' const lifecycleRule: LifecycleRule = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | string | Describes the purpose of the rule. | | maxImageAge | @aws-cdk/core.Duration | The maximum age of images to retain. The value must represent a number of days. | | maxImageCount | number | The maximum number of images to retain. | | rulePriority | number | Controls the order in which rules are evaluated (low to high). | | tagPrefixList | string[] | Select images that have ALL the given prefixes in their tag. | | tagStatus | TagStatus | Select images based on tags. | --- ##### \`description\`Optional \`\`\`typescript public readonly description: string; \`\`\` - *Type:* string - *Default:* No description Describes the purpose of the rule. --- ##### \`maxImageAge\`Optional \`\`\`typescript public readonly maxImageAge: Duration; \`\`\` - *Type:* @aws-cdk/core.Duration The maximum age of images to retain. The value must represent a number of days. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`maxImageCount\`Optional \`\`\`typescript public readonly maxImageCount: number; \`\`\` - *Type:* number The maximum number of images to retain. Specify exactly one of maxImageCount and maxImageAge. --- ##### \`rulePriority\`Optional \`\`\`typescript public readonly rulePriority: number; \`\`\` - *Type:* number - *Default:* Automatically assigned Controls the order in which rules are evaluated (low to high). All rules must have a unique priority, where lower numbers have higher precedence. The first rule that matches is applied to an image. There can only be one rule with a tagStatus of Any, and it must have the highest rulePriority. All rules without a specified priority will have incrementing priorities automatically assigned to them, higher than any rules that DO have priorities. --- ##### \`tagPrefixList\`Optional \`\`\`typescript public readonly tagPrefixList: string[]; \`\`\` - *Type:* string[] Select images that have ALL the given prefixes in their tag. Only if tagStatus == TagStatus.Tagged --- ##### \`tagStatus\`Optional \`\`\`typescript public readonly tagStatus: TagStatus; \`\`\` - *Type:* TagStatus - *Default:* TagStatus.Tagged if tagPrefixList is given, TagStatus.Any otherwise Select images based on tags. Only one rule is allowed to select untagged images, and it must have the highest rulePriority. --- ### OnCloudTrailImagePushedOptions Options for the onCloudTrailImagePushed method. #### Initializer \`\`\`typescript import { OnCloudTrailImagePushedOptions } from '@aws-cdk/aws-ecr' const onCloudTrailImagePushedOptions: OnCloudTrailImagePushedOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | string | A description of the rule's purpose. | | eventPattern | @aws-cdk/aws-events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | string | A name for the rule. | | target | @aws-cdk/aws-events.IRuleTarget | The target to register for the event. | | imageTag | string | Only watch changes to this image tag. | --- ##### \`description\`Optional \`\`\`typescript public readonly description: string; \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`typescript public readonly eventPattern: EventPattern; \`\`\` - *Type:* @aws-cdk/aws-events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`typescript public readonly ruleName: string; \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`typescript public readonly target: IRuleTarget; \`\`\` - *Type:* @aws-cdk/aws-events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTag\`Optional \`\`\`typescript public readonly imageTag: string; \`\`\` - *Type:* string - *Default:* Watch changes to all tags Only watch changes to this image tag. --- ### OnImageScanCompletedOptions Options for the OnImageScanCompleted method. #### Initializer \`\`\`typescript import { OnImageScanCompletedOptions } from '@aws-cdk/aws-ecr' const onImageScanCompletedOptions: OnImageScanCompletedOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | description | string | A description of the rule's purpose. | | eventPattern | @aws-cdk/aws-events.EventPattern | Additional restrictions for the event to route to the specified target. | | ruleName | string | A name for the rule. | | target | @aws-cdk/aws-events.IRuleTarget | The target to register for the event. | | imageTags | string[] | Only watch changes to the image tags spedified. | --- ##### \`description\`Optional \`\`\`typescript public readonly description: string; \`\`\` - *Type:* string - *Default:* No description A description of the rule's purpose. --- ##### \`eventPattern\`Optional \`\`\`typescript public readonly eventPattern: EventPattern; \`\`\` - *Type:* @aws-cdk/aws-events.EventPattern - *Default:* No additional filtering based on an event pattern. Additional restrictions for the event to route to the specified target. The method that generates the rule probably imposes some type of event filtering. The filtering implied by what you pass here is added on top of that filtering. > [https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) --- ##### \`ruleName\`Optional \`\`\`typescript public readonly ruleName: string; \`\`\` - *Type:* string - *Default:* AWS CloudFormation generates a unique physical ID. A name for the rule. --- ##### \`target\`Optional \`\`\`typescript public readonly target: IRuleTarget; \`\`\` - *Type:* @aws-cdk/aws-events.IRuleTarget - *Default:* No target is added to the rule. Use \`addTarget()\` to add a target. The target to register for the event. --- ##### \`imageTags\`Optional \`\`\`typescript public readonly imageTags: string[]; \`\`\` - *Type:* string[] - *Default:* Watch the changes to the repository with all image tags Only watch changes to the image tags spedified. Leave it undefined to watch the full repository. --- ### ReplicationConfigurationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html) #### Initializer \`\`\`typescript import { ReplicationConfigurationProperty } from '@aws-cdk/aws-ecr' const replicationConfigurationProperty: ReplicationConfigurationProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | rules | @aws-cdk/core.IResolvable \\| @aws-cdk/core.IResolvable \\| ReplicationRuleProperty[] | \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. | --- ##### \`rules\`Required \`\`\`typescript public readonly rules: IResolvable | IResolvable | ReplicationRuleProperty[]; \`\`\` - *Type:* @aws-cdk/core.IResolvable | @aws-cdk/core.IResolvable | ReplicationRuleProperty[] \`CfnReplicationConfiguration.ReplicationConfigurationProperty.Rules\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationconfiguration.html#cfn-ecr-replicationconfiguration-replicationconfiguration-rules) --- ### ReplicationDestinationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html) #### Initializer \`\`\`typescript import { ReplicationDestinationProperty } from '@aws-cdk/aws-ecr' const replicationDestinationProperty: ReplicationDestinationProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | region | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. | | registryId | string | \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. | --- ##### \`region\`Required \`\`\`typescript public readonly region: string; \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.Region\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-region) --- ##### \`registryId\`Required \`\`\`typescript public readonly registryId: string; \`\`\` - *Type:* string \`CfnReplicationConfiguration.ReplicationDestinationProperty.RegistryId\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationdestination.html#cfn-ecr-replicationconfiguration-replicationdestination-registryid) --- ### ReplicationRuleProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html) #### Initializer \`\`\`typescript import { ReplicationRuleProperty } from '@aws-cdk/aws-ecr' const replicationRuleProperty: ReplicationRuleProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | destinations | @aws-cdk/core.IResolvable \\| @aws-cdk/core.IResolvable \\| ReplicationDestinationProperty[] | \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. | --- ##### \`destinations\`Required \`\`\`typescript public readonly destinations: IResolvable | IResolvable | ReplicationDestinationProperty[]; \`\`\` - *Type:* @aws-cdk/core.IResolvable | @aws-cdk/core.IResolvable | ReplicationDestinationProperty[] \`CfnReplicationConfiguration.ReplicationRuleProperty.Destinations\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ecr-replicationconfiguration-replicationrule.html#cfn-ecr-replicationconfiguration-replicationrule-destinations) --- ### RepositoryAttributes #### Initializer \`\`\`typescript import { RepositoryAttributes } from '@aws-cdk/aws-ecr' const repositoryAttributes: RepositoryAttributes = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | repositoryArn | string | *No description.* | | repositoryName | string | *No description.* | --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string --- ### RepositoryProps #### Initializer \`\`\`typescript import { RepositoryProps } from '@aws-cdk/aws-ecr' const repositoryProps: RepositoryProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | imageScanOnPush | boolean | Enable the scan on push when creating the repository. | | imageTagMutability | TagMutability | The tag mutability setting for the repository. | | lifecycleRegistryId | string | The AWS account ID associated with the registry that contains the repository. | | lifecycleRules | LifecycleRule[] | Life cycle rules to apply to this registry. | | removalPolicy | @aws-cdk/core.RemovalPolicy | Determine what happens to the repository when the resource/stack is deleted. | | repositoryName | string | Name for this repository. | --- ##### \`imageScanOnPush\`Optional \`\`\`typescript public readonly imageScanOnPush: boolean; \`\`\` - *Type:* boolean - *Default:* false Enable the scan on push when creating the repository. --- ##### \`imageTagMutability\`Optional \`\`\`typescript public readonly imageTagMutability: TagMutability; \`\`\` - *Type:* TagMutability - *Default:* TagMutability.MUTABLE The tag mutability setting for the repository. If this parameter is omitted, the default setting of MUTABLE will be used which will allow image tags to be overwritten. --- ##### \`lifecycleRegistryId\`Optional \`\`\`typescript public readonly lifecycleRegistryId: string; \`\`\` - *Type:* string - *Default:* The default registry is assumed. The AWS account ID associated with the registry that contains the repository. > [https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html](https://docs.aws.amazon.com/AmazonECR/latest/APIReference/API_PutLifecyclePolicy.html) --- ##### \`lifecycleRules\`Optional \`\`\`typescript public readonly lifecycleRules: LifecycleRule[]; \`\`\` - *Type:* LifecycleRule[] - *Default:* No life cycle rules Life cycle rules to apply to this registry. --- ##### \`removalPolicy\`Optional \`\`\`typescript public readonly removalPolicy: RemovalPolicy; \`\`\` - *Type:* @aws-cdk/core.RemovalPolicy - *Default:* RemovalPolicy.Retain Determine what happens to the repository when the resource/stack is deleted. --- ##### \`repositoryName\`Optional \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string - *Default:* Automatically generated name. Name for this repository. --- ## Classes ### AuthorizationToken Authorization token to access private ECR repositories in the current environment via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html](https://docs.aws.amazon.com/AmazonECR/latest/userguide/registry_auth.html) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`typescript import { AuthorizationToken } from '@aws-cdk/aws-ecr' AuthorizationToken.grantRead(grantee: IGrantable) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ### PublicGalleryAuthorizationToken Authorization token to access the global public ECR Gallery via Docker CLI. > [https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth](https://docs.aws.amazon.com/AmazonECR/latest/public/public-registries.html#public-registry-auth) #### Static Functions | **Name** | **Description** | | --- | --- | | grantRead | Grant access to retrieve an authorization token. | --- ##### \`grantRead\` \`\`\`typescript import { PublicGalleryAuthorizationToken } from '@aws-cdk/aws-ecr' PublicGalleryAuthorizationToken.grantRead(grantee: IGrantable) \`\`\` Grant access to retrieve an authorization token. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ## Protocols ### IRepository - *Extends:* @aws-cdk/core.IResource - *Implemented By:* Repository, RepositoryBase, IRepository Represents an ECR repository. #### Methods | **Name** | **Description** | | --- | --- | | addToResourcePolicy | Add a policy statement to the repository's resource policy. | | grant | Grant the given principal identity permissions to perform the actions on this repository. | | grantPull | Grant the given identity permissions to pull images in this repository. | | grantPullPush | Grant the given identity permissions to pull and push images to this repository. | | onCloudTrailEvent | Define a CloudWatch event that triggers when something happens to this repository. | | onCloudTrailImagePushed | Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. | | onEvent | Defines a CloudWatch event rule which triggers for repository events. | | onImageScanCompleted | Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. | | repositoryUriForDigest | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | | repositoryUriForTag | Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. | --- ##### \`addToResourcePolicy\` \`\`\`typescript public addToResourcePolicy(statement: PolicyStatement): AddToResourcePolicyResult \`\`\` Add a policy statement to the repository's resource policy. ###### \`statement\`Required - *Type:* @aws-cdk/aws-iam.PolicyStatement --- ##### \`grant\` \`\`\`typescript public grant(grantee: IGrantable, actions: string): Grant \`\`\` Grant the given principal identity permissions to perform the actions on this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ###### \`actions\`Required - *Type:* string --- ##### \`grantPull\` \`\`\`typescript public grantPull(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull images in this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`grantPullPush\` \`\`\`typescript public grantPullPush(grantee: IGrantable): Grant \`\`\` Grant the given identity permissions to pull and push images to this repository. ###### \`grantee\`Required - *Type:* @aws-cdk/aws-iam.IGrantable --- ##### \`onCloudTrailEvent\` \`\`\`typescript public onCloudTrailEvent(id: string, options?: OnEventOptions): Rule \`\`\` Define a CloudWatch event that triggers when something happens to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions Options for adding the rule. --- ##### \`onCloudTrailImagePushed\` \`\`\`typescript public onCloudTrailImagePushed(id: string, options?: OnCloudTrailImagePushedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this repository. Requires that there exists at least one CloudTrail Trail in your account that captures the event. This method will not create the Trail. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnCloudTrailImagePushedOptions Options for adding the rule. --- ##### \`onEvent\` \`\`\`typescript public onEvent(id: string, options?: OnEventOptions): Rule \`\`\` Defines a CloudWatch event rule which triggers for repository events. Use \`rule.addEventPattern(pattern)\` to specify a filter. ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* @aws-cdk/aws-events.OnEventOptions --- ##### \`onImageScanCompleted\` \`\`\`typescript public onImageScanCompleted(id: string, options?: OnImageScanCompletedOptions): Rule \`\`\` Defines an AWS CloudWatch event rule that can trigger a target when the image scan is completed. ###### \`id\`Required - *Type:* string The id of the rule. --- ###### \`options\`Optional - *Type:* OnImageScanCompletedOptions Options for adding the rule. --- ##### \`repositoryUriForDigest\` \`\`\`typescript public repositoryUriForDigest(digest?: string): string \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[@DIGEST] ###### \`digest\`Optional - *Type:* string Image digest to use (tools usually default to the image with the "latest" tag if omitted). --- ##### \`repositoryUriForTag\` \`\`\`typescript public repositoryUriForTag(tag?: string): string \`\`\` Returns the URI of the repository for a certain tag. Can be used in \`docker push/pull\`. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY[:TAG] ###### \`tag\`Optional - *Type:* string Image tag to use (tools usually default to "latest" if omitted). --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | @aws-cdk/core.ConstructNode | The construct tree node for this construct. | | env | @aws-cdk/core.ResourceEnvironment | The environment this resource belongs to. | | stack | @aws-cdk/core.Stack | The stack in which this resource is defined. | | repositoryArn | string | The ARN of the repository. | | repositoryName | string | The name of the repository. | | repositoryUri | string | The URI of this repository (represents the latest image):. | --- ##### \`node\`Required \`\`\`typescript public readonly node: ConstructNode; \`\`\` - *Type:* @aws-cdk/core.ConstructNode The construct tree node for this construct. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* @aws-cdk/core.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* @aws-cdk/core.Stack The stack in which this resource is defined. --- ##### \`repositoryArn\`Required \`\`\`typescript public readonly repositoryArn: string; \`\`\` - *Type:* string The ARN of the repository. --- ##### \`repositoryName\`Required \`\`\`typescript public readonly repositoryName: string; \`\`\` - *Type:* string The name of the repository. --- ##### \`repositoryUri\`Required \`\`\`typescript public readonly repositoryUri: string; \`\`\` - *Type:* string The URI of this repository (represents the latest image):. ACCOUNT.dkr.ecr.REGION.amazonaws.com/REPOSITORY --- ## Enums ### TagMutability The tag mutability setting for your repository. #### Members | **Name** | **Description** | | --- | --- | | MUTABLE | allow image tags to be overwritten. | | IMMUTABLE | all image tags within the repository will be immutable which will prevent them from being overwritten. | --- ##### \`MUTABLE\` allow image tags to be overwritten. --- ##### \`IMMUTABLE\` all image tags within the repository will be immutable which will prevent them from being overwritten. --- ### TagStatus Select images based on tags. #### Members | **Name** | **Description** | | --- | --- | | ANY | Rule applies to all images. | | TAGGED | Rule applies to tagged images. | | UNTAGGED | Rule applies to untagged images. | --- ##### \`ANY\` Rule applies to all images. --- ##### \`TAGGED\` Rule applies to tagged images. --- ##### \`UNTAGGED\` Rule applies to untagged images. --- " `; exports[`typescript snapshot - submodules 1`] = ` "# Amazon EKS Construct Library --- ![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge) ![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge) --- This construct library allows you to define [Amazon Elastic Container Service for Kubernetes (EKS)](https://aws.amazon.com/eks/) clusters. In addition, the library also supports defining Kubernetes resource manifests within EKS clusters. ## Table Of Contents * [Quick Start](#quick-start) * [API Reference](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-eks-readme.html) * [Architectural Overview](#architectural-overview) * [Provisioning clusters](#provisioning-clusters) * [Managed node groups](#managed-node-groups) * [Fargate Profiles](#fargate-profiles) * [Self-managed nodes](#self-managed-nodes) * [Endpoint Access](#endpoint-access) * [VPC Support](#vpc-support) * [Kubectl Support](#kubectl-support) * [ARM64 Support](#arm64-support) * [Masters Role](#masters-role) * [Encryption](#encryption) * [Permissions and Security](#permissions-and-security) * [Applying Kubernetes Resources](#applying-kubernetes-resources) * [Kubernetes Manifests](#kubernetes-manifests) * [Helm Charts](#helm-charts) * [CDK8s Charts](#cdk8s-charts) * [Patching Kubernetes Resources](#patching-kubernetes-resources) * [Querying Kubernetes Resources](#querying-kubernetes-resources) * [Using existing clusters](#using-existing-clusters) * [Known Issues and Limitations](#known-issues-and-limitations) ## Quick Start This example defines an Amazon EKS cluster with the following configuration: * Dedicated VPC with default configuration (Implicitly created using [ec2.Vpc](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-ec2-readme.html#vpc)) * A Kubernetes pod with a container based on the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) image. \`\`\`ts // provisiong a cluster const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, }); // apply a kubernetes manifest to the cluster cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }); \`\`\` In order to interact with your cluster through \`kubectl\`, you can use the \`aws eks update-kubeconfig\` [AWS CLI command](https://docs.aws.amazon.com/cli/latest/reference/eks/update-kubeconfig.html) to configure your local kubeconfig. The EKS module will define a CloudFormation output in your stack which contains the command to run. For example: \`\`\`plaintext Outputs: ClusterConfigCommand43AAE40F = aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy \`\`\` Execute the \`aws eks update-kubeconfig ...\` command in your terminal to create or update a local kubeconfig context: \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` And now you can simply use \`kubectl\`: \`\`\`console $ kubectl get all -n kube-system NAME READY STATUS RESTARTS AGE pod/aws-node-fpmwv 1/1 Running 0 21m pod/aws-node-m9htf 1/1 Running 0 21m pod/coredns-5cb4fb54c7-q222j 1/1 Running 0 23m pod/coredns-5cb4fb54c7-v9nxx 1/1 Running 0 23m ... \`\`\` ## Architectural Overview The following is a qualitative diagram of the various possible components involved in the cluster deployment. \`\`\`text +-----------------------------------------------+ +-----------------+ | EKS Cluster | kubectl | | |-----------------------------------------------|<-------------+| Kubectl Handler | | | | | | | +-----------------+ | +--------------------+ +-----------------+ | | | | | | | | | Managed Node Group | | Fargate Profile | | +-----------------+ | | | | | | | | | +--------------------+ +-----------------+ | | Cluster Handler | | | | | +-----------------------------------------------+ +-----------------+ ^ ^ + | | | | connect self managed capacity | | aws-sdk | | create/update/delete | + | v +--------------------+ + +-------------------+ | | --------------+| eks.amazonaws.com | | Auto Scaling Group | +-------------------+ | | +--------------------+ \`\`\` In a nutshell: * \`EKS Cluster\` - The cluster endpoint created by EKS. * \`Managed Node Group\` - EC2 worker nodes managed by EKS. * \`Fargate Profile\` - Fargate worker nodes managed by EKS. * \`Auto Scaling Group\` - EC2 worker nodes managed by the user. * \`KubectlHandler\` - Lambda function for invoking \`kubectl\` commands on the cluster - created by CDK. * \`ClusterHandler\` - Lambda function for interacting with EKS API to manage the cluster lifecycle - created by CDK. A more detailed breakdown of each is provided further down this README. ## Provisioning clusters Creating a new cluster is done using the \`Cluster\` or \`FargateCluster\` constructs. The only required property is the kubernetes \`version\`. \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` You can also use \`FargateCluster\` to provision a cluster that uses only fargate workers. \`\`\`ts new eks.FargateCluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, }); \`\`\` > **NOTE: Only 1 cluster per stack is supported.** If you have a use-case for multiple clusters per stack, or would like to understand more about this limitation, see . Below you'll find a few important cluster configuration options. First of which is Capacity. Capacity is the amount and the type of worker nodes that are available to the cluster for deploying resources. Amazon EKS offers 3 ways of configuring capacity, which you can combine as you like: ### Managed node groups Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes (Amazon EC2 instances) for Amazon EKS Kubernetes clusters. With Amazon EKS managed node groups, you don’t need to separately provision or register the Amazon EC2 instances that provide compute capacity to run your Kubernetes applications. You can create, update, or terminate nodes for your cluster with a single operation. Nodes run using the latest Amazon EKS optimized AMIs in your AWS account while node updates and terminations gracefully drain nodes to ensure that your applications stay available. > For more details visit [Amazon EKS Managed Node Groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html). **Managed Node Groups are the recommended way to allocate cluster capacity.** By default, this library will allocate a managed node group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). At cluster instantiation time, you can customize the number of instances and their type: \`\`\`ts new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 5, defaultCapacityInstance: ec2.InstanceType.of(ec2.InstanceClass.M5, ec2.InstanceSize.SMALL), }); \`\`\` To access the node group that was created on your behalf, you can use \`cluster.defaultNodegroup\`. Additional customizations are available post instantiation. To apply them, set the default capacity to 0, and use the \`cluster.addNodegroupCapacity\` method: \`\`\`ts const cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacity: 0, }); cluster.addNodegroupCapacity('custom-node-group', { instanceTypes: [new ec2.InstanceType('m5.large')], minSize: 4, diskSize: 100, amiType: eks.NodegroupAmiType.AL2_X86_64_GPU, ... }); \`\`\` #### Spot Instances Support Use \`capacityType\` to create managed node groups comprised of spot instances. To maximize the availability of your applications while using Spot Instances, we recommend that you configure a Spot managed node group to use multiple instance types with the \`instanceTypes\` property. > For more details visit [Managed node group capacity types](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html#managed-node-group-capacity-types). \`\`\`ts cluster.addNodegroupCapacity('extra-ng-spot', { instanceTypes: [ new ec2.InstanceType('c5.large'), new ec2.InstanceType('c5a.large'), new ec2.InstanceType('c5d.large'), ], minSize: 3, capacityType: eks.CapacityType.SPOT, }); \`\`\` #### Launch Template Support You can specify a launch template that the node group will use. For example, this can be useful if you want to use a custom AMI or add custom user data. When supplying a custom user data script, it must be encoded in the MIME multi-part archive format, since Amazon EKS merges with its own user data. Visit the [Launch Template Docs](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html#launch-template-user-data) for mode details. \`\`\`ts const userData = \`MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="==MYBOUNDARY==" --==MYBOUNDARY== Content-Type: text/x-shellscript; charset="us-ascii" #!/bin/bash echo "Running custom user data script" --==MYBOUNDARY==--\\\\ \`; const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { instanceType: 't3.small', userData: Fn.base64(userData), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` Note that when using a custom AMI, Amazon EKS doesn't merge any user data. Which means you do not need the multi-part encoding. and are responsible for supplying the required bootstrap commands for nodes to join the cluster. In the following example, \`/ect/eks/bootstrap.sh\` from the AMI will be used to bootstrap the node. \`\`\`ts const userData = ec2.UserData.forLinux(); userData.addCommands( 'set -o xtrace', \`/etc/eks/bootstrap.sh \${cluster.clusterName}\`, ); const lt = new ec2.CfnLaunchTemplate(this, 'LaunchTemplate', { launchTemplateData: { imageId: 'some-ami-id', // custom AMI instanceType: 't3.small', userData: Fn.base64(userData.render()), }, }); cluster.addNodegroupCapacity('extra-ng', { launchTemplateSpec: { id: lt.ref, version: lt.attrLatestVersionNumber, }, }); \`\`\` You may specify one \`instanceType\` in the launch template or multiple \`instanceTypes\` in the node group, **but not both**. > For more details visit [Launch Template Support](https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html). Graviton 2 instance types are supported including \`c6g\`, \`m6g\`, \`r6g\` and \`t4g\`. ### Fargate profiles AWS Fargate is a technology that provides on-demand, right-sized compute capacity for containers. With AWS Fargate, you no longer have to provision, configure, or scale groups of virtual machines to run containers. This removes the need to choose server types, decide when to scale your node groups, or optimize cluster packing. You can control which pods start on Fargate and how they run with Fargate Profiles, which are defined as part of your Amazon EKS cluster. See [Fargate Considerations](https://docs.aws.amazon.com/eks/latest/userguide/fargate.html#fargate-considerations) in the AWS EKS User Guide. You can add Fargate Profiles to any EKS cluster defined in your CDK app through the \`addFargateProfile()\` method. The following example adds a profile that will match all pods from the "default" namespace: \`\`\`ts cluster.addFargateProfile('MyProfile', { selectors: [ { namespace: 'default' } ] }); \`\`\` You can also directly use the \`FargateProfile\` construct to create profiles under different scopes: \`\`\`ts new eks.FargateProfile(scope, 'MyProfile', { cluster, ... }); \`\`\` To create an EKS cluster that **only** uses Fargate capacity, you can use \`FargateCluster\`. The following code defines an Amazon EKS cluster with a default Fargate Profile that matches all pods from the "kube-system" and "default" namespaces. It is also configured to [run CoreDNS on Fargate](https://docs.aws.amazon.com/eks/latest/userguide/fargate-getting-started.html#fargate-gs-coredns). \`\`\`ts const cluster = new eks.FargateCluster(this, 'MyCluster', { version: eks.KubernetesVersion.V1_19, }); \`\`\` **NOTE**: Classic Load Balancers and Network Load Balancers are not supported on pods running on Fargate. For ingress, we recommend that you use the [ALB Ingress Controller](https://docs.aws.amazon.com/eks/latest/userguide/alb-ingress.html) on Amazon EKS (minimum version v1.1.4). ### Self-managed nodes Another way of allocating capacity to an EKS cluster is by using self-managed nodes. EC2 instances that are part of the auto-scaling group will serve as worker nodes for the cluster. This type of capacity is also commonly referred to as *EC2 Capacity** or *EC2 Nodes*. For a detailed overview please visit [Self Managed Nodes](https://docs.aws.amazon.com/eks/latest/userguide/worker.html). Creating an auto-scaling group and connecting it to the cluster is done using the \`cluster.addAutoScalingGroupCapacity\` method: \`\`\`ts cluster.addAutoScalingGroupCapacity('frontend-nodes', { instanceType: new ec2.InstanceType('t2.medium'), minCapacity: 3, vpcSubnets: { subnetType: ec2.SubnetType.PUBLIC } }); \`\`\` To connect an already initialized auto-scaling group, use the \`cluster.connectAutoScalingGroupCapacity()\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...); cluster.connectAutoScalingGroupCapacity(asg); \`\`\` In both cases, the [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#cluster-sg) will be automatically attached to the auto-scaling group, allowing for traffic to flow freely between managed and self-managed nodes. > **Note:** The default \`updateType\` for auto-scaling groups does not replace existing nodes. Since security groups are determined at launch time, self-managed nodes that were provisioned with version \`1.78.0\` or lower, will not be updated. > To apply the new configuration on all your self-managed nodes, you'll need to replace the nodes using the \`UpdateType.REPLACING_UPDATE\` policy for the [\`updateType\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-autoscaling.AutoScalingGroup.html#updatetypespan-classapi-icon-api-icon-deprecated-titlethis-api-element-is-deprecated-its-use-is-not-recommended%EF%B8%8Fspan) property. You can customize the [/etc/eks/boostrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) script, which is responsible for bootstrapping the node to the EKS cluster. For example, you can use \`kubeletExtraArgs\` to add custom node labels or taints. \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { instanceType: new ec2.InstanceType('t3.large'), minCapacity: 2, bootstrapOptions: { kubeletExtraArgs: '--node-labels foo=bar,goo=far', awsApiRetryAttempts: 5 } }); \`\`\` To disable bootstrapping altogether (i.e. to fully customize user-data), set \`bootstrapEnabled\` to \`false\`. You can also configure the cluster to use an auto-scaling group as the default capacity: \`\`\`ts cluster = new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, defaultCapacityType: eks.DefaultCapacityType.EC2, }); \`\`\` This will allocate an auto-scaling group with 2 *m5.large* instances (this instance type suits most common use-cases, and is good value for money). To access the \`AutoScalingGroup\` that was created on your behalf, you can use \`cluster.defaultCapacity\`. You can also independently create an \`AutoScalingGroup\` and connect it to the cluster using the \`cluster.connectAutoScalingGroupCapacity\` method: \`\`\`ts const asg = new ec2.AutoScalingGroup(...) cluster.connectAutoScalingGroupCapacity(asg); \`\`\` This will add the necessary user-data to access the apiserver and configure all connections, roles, and tags needed for the instances in the auto-scaling group to properly join the cluster. #### Spot Instances When using self-managed nodes, you can configure the capacity to use spot instances, greatly reducing capacity cost. To enable spot capacity, use the \`spotPrice\` property: \`\`\`ts cluster.addAutoScalingGroupCapacity('spot', { spotPrice: '0.1094', instanceType: new ec2.InstanceType('t3.large'), maxCapacity: 10 }); \`\`\` > Spot instance nodes will be labeled with \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. The [AWS Node Termination Handler](https://github.com/aws/aws-node-termination-handler) \`DaemonSet\` will be installed from [Amazon EKS Helm chart repository](https://github.com/aws/eks-charts/tree/master/stable/aws-node-termination-handler) on these nodes. The termination handler ensures that the Kubernetes control plane responds appropriately to events that can cause your EC2 instance to become unavailable, such as [EC2 maintenance events](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instances-status-check_sched.html) and [EC2 Spot interruptions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-interruptions.html) and helps gracefully stop all pods running on spot nodes that are about to be terminated. > Handler Version: [1.7.0](https://github.com/aws/aws-node-termination-handler/releases/tag/v1.7.0) > > Chart Version: [0.9.5](https://github.com/aws/eks-charts/blob/v0.0.28/stable/aws-node-termination-handler/Chart.yaml) To disable the installation of the termination handler, set the \`spotInterruptHandler\` property to \`false\`. This applies both to \`addAutoScalingGroupCapacity\` and \`connectAutoScalingGroupCapacity\`. #### Bottlerocket [Bottlerocket](https://aws.amazon.com/bottlerocket/) is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. At this moment, \`Bottlerocket\` is only supported when using self-managed auto-scaling groups. > **NOTICE**: Bottlerocket is only available in [some supported AWS regions](https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami). The following example will create an auto-scaling group of 2 \`t3.small\` Linux instances running with the \`Bottlerocket\` AMI. \`\`\`ts cluster.addAutoScalingGroupCapacity('BottlerocketNodes', { instanceType: new ec2.InstanceType('t3.small'), minCapacity: 2, machineImageType: eks.MachineImageType.BOTTLEROCKET }); \`\`\` The specific Bottlerocket AMI variant will be auto selected according to the k8s version for the \`x86_64\` architecture. For example, if the Amazon EKS cluster version is \`1.17\`, the Bottlerocket AMI variant will be auto selected as \`aws-k8s-1.17\` behind the scene. > See [Variants](https://github.com/bottlerocket-os/bottlerocket/blob/develop/README.md#variants) for more details. Please note Bottlerocket does not allow to customize bootstrap options and \`bootstrapOptions\` properties is not supported when you create the \`Bottlerocket\` capacity. ### Endpoint Access When you create a new cluster, Amazon EKS creates an endpoint for the managed Kubernetes API server that you use to communicate with your cluster (using Kubernetes management tools such as \`kubectl\`) By default, this API server endpoint is public to the internet, and access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes [Role Based Access Control](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) (RBAC). You can configure the [cluster endpoint access](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) by using the \`endpointAccess\` property: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, endpointAccess: eks.EndpointAccess.PRIVATE // No access outside of your VPC. }); \`\`\` The default value is \`eks.EndpointAccess.PUBLIC_AND_PRIVATE\`. Which means the cluster endpoint is accessible from outside of your VPC, but worker node traffic and \`kubectl\` commands issued by this library stay within your VPC. ### VPC Support You can specify the VPC of the cluster using the \`vpc\` and \`vpcSubnets\` properties: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, vpc, vpcSubnets: [{ subnetType: ec2.SubnetType.PRIVATE }] }); \`\`\` > Note: Isolated VPCs (i.e with no internet access) are not currently supported. See https://github.com/aws/aws-cdk/issues/12171 If you do not specify a VPC, one will be created on your behalf, which you can then access via \`cluster.vpc\`. The cluster VPC will be associated to any EKS managed capacity (i.e Managed Node Groups and Fargate Profiles). If you allocate self managed capacity, you can specify which subnets should the auto-scaling group use: \`\`\`ts const vpc = new ec2.Vpc(this, 'Vpc'); cluster.addAutoScalingGroupCapacity('nodes', { vpcSubnets: { subnets: vpc.privateSubnets } }); \`\`\` There are two additional components you might want to provision within the VPC. #### Kubectl Handler The \`KubectlHandler\` is a Lambda function responsible to issuing \`kubectl\` and \`helm\` commands against the cluster when you add resource manifests to the cluster. The handler association to the VPC is derived from the \`endpointAccess\` configuration. The rule of thumb is: *If the cluster VPC can be associated, it will be*. Breaking this down, it means that if the endpoint exposes private access (via \`EndpointAccess.PRIVATE\` or \`EndpointAccess.PUBLIC_AND_PRIVATE\`), and the VPC contains **private** subnets, the Lambda function will be provisioned inside the VPC and use the private subnets to interact with the cluster. This is the common use-case. If the endpoint does not expose private access (via \`EndpointAccess.PUBLIC\`) **or** the VPC does not contain private subnets, the function will not be provisioned within the VPC. #### Cluster Handler The \`ClusterHandler\` is a Lambda function responsible to interact with the EKS API in order to control the cluster lifecycle. To provision this function inside the VPC, set the \`placeClusterHandlerInVpc\` property to \`true\`. This will place the function inside the private subnets of the VPC based on the selection strategy specified in the [\`vpcSubnets\`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-eks.Cluster.html#vpcsubnetsspan-classapi-icon-api-icon-experimental-titlethis-api-element-is-experimental-it-may-change-without-noticespan) property. You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, clusterHandlerEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` ### Kubectl Support The resources are created in the cluster by running \`kubectl apply\` from a python lambda function. #### Environment You can configure the environment of this function by specifying it at cluster instantiation. For example, this can be useful in order to configure an http proxy: \`\`\`ts const cluster = new eks.Cluster(this, 'hello-eks', { version: eks.KubernetesVersion.V1_19, kubectlEnvironment: { 'http_proxy': 'http://proxy.myproxy.com' } }); \`\`\` #### Runtime The kubectl handler uses \`kubectl\`, \`helm\` and the \`aws\` CLI in order to interact with the cluster. These are bundled into AWS Lambda layers included in the \`@aws-cdk/lambda-layer-awscli\` and \`@aws-cdk/lambda-layer-kubectl\` modules. You can specify a custom \`lambda.LayerVersion\` if you wish to use a different version of these tools. The handler expects the layer to include the following three executables: \`\`\`text helm/helm kubectl/kubectl awscli/aws \`\`\` See more information in the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-awscli/layer) for @aws-cdk/lambda-layer-awscli and the [Dockerfile](https://github.com/aws/aws-cdk/tree/master/packages/%40aws-cdk/lambda-layer-kubectl/layer) for @aws-cdk/lambda-layer-kubectl. \`\`\`ts const layer = new lambda.LayerVersion(this, 'KubectlLayer', { code: lambda.Code.fromAsset('layer.zip'), }); \`\`\` Now specify when the cluster is defined: \`\`\`ts const cluster = new eks.Cluster(this, 'MyCluster', { kubectlLayer: layer, }); // or const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlLayer: layer, }); \`\`\` #### Memory By default, the kubectl provider is configured with 1024MiB of memory. You can use the \`kubectlMemory\` option to specify the memory size for the AWS Lambda function: \`\`\`ts import { Size } from 'aws-cdk-lib'; new eks.Cluster(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); // or eks.Cluster.fromClusterAttributes(this, 'MyCluster', { kubectlMemory: Size.gibibytes(4) }); \`\`\` ### ARM64 Support Instance types with \`ARM64\` architecture are supported in both managed nodegroup and self-managed capacity. Simply specify an ARM64 \`instanceType\` (such as \`m6g.medium\`), and the latest Amazon Linux 2 AMI for ARM64 will be automatically selected. \`\`\`ts // add a managed ARM64 nodegroup cluster.addNodegroupCapacity('extra-ng-arm', { instanceTypes: [new ec2.InstanceType('m6g.medium')], minSize: 2, }); // add a self-managed ARM64 nodegroup cluster.addAutoScalingGroupCapacity('self-ng-arm', { instanceType: new ec2.InstanceType('m6g.medium'), minCapacity: 2, }) \`\`\` ### Masters Role When you create a cluster, you can specify a \`mastersRole\`. The \`Cluster\` construct will associate this role with the \`system:masters\` [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) group, giving it super-user access to the cluster. \`\`\`ts const role = new iam.Role(...); new eks.Cluster(this, 'HelloEKS', { version: eks.KubernetesVersion.V1_19, mastersRole: role, }); \`\`\` If you do not specify it, a default role will be created on your behalf, that can be assumed by anyone in the account with \`sts:AssumeRole\` permissions for this role. This is the role you see as part of the stack outputs mentioned in the [Quick Start](#quick-start). \`\`\`console $ aws eks update-kubeconfig --name cluster-xxxxx --role-arn arn:aws:iam::112233445566:role/yyyyy Added new context arn:aws:eks:rrrrr:112233445566:cluster/cluster-xxxxx to /home/boom/.kube/config \`\`\` ### Encryption When you create an Amazon EKS cluster, envelope encryption of Kubernetes secrets using the AWS Key Management Service (AWS KMS) can be enabled. The documentation on [creating a cluster](https://docs.aws.amazon.com/eks/latest/userguide/create-cluster.html) can provide more details about the customer master key (CMK) that can be used for the encryption. You can use the \`secretsEncryptionKey\` to configure which key the cluster will use to encrypt Kubernetes secrets. By default, an AWS Managed key will be used. > This setting can only be specified when the cluster is created and cannot be updated. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.Cluster(this, 'MyCluster', { secretsEncryptionKey: secretsKey, // ... }); \`\`\` You can also use a similar configuration for running a cluster built using the FargateCluster construct. \`\`\`ts const secretsKey = new kms.Key(this, 'SecretsKey'); const cluster = new eks.FargateCluster(this, 'MyFargateCluster', { secretsEncryptionKey: secretsKey }); \`\`\` The Amazon Resource Name (ARN) for that CMK can be retrieved. \`\`\`ts const clusterEncryptionConfigKeyArn = cluster.clusterEncryptionConfigKeyArn; \`\`\` ## Permissions and Security Amazon EKS provides several mechanism of securing the cluster and granting permissions to specific IAM users and roles. ### AWS IAM Mapping As described in the [Amazon EKS User Guide](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html), you can map AWS IAM users and roles to [Kubernetes Role-based access control (RBAC)](https://kubernetes.io/docs/reference/access-authn-authz/rbac). The Amazon EKS construct manages the *aws-auth* \`ConfigMap\` Kubernetes resource on your behalf and exposes an API through the \`cluster.awsAuth\` for mapping users, roles and accounts. Furthermore, when auto-scaling group capacity is added to the cluster, the IAM instance role of the auto-scaling group will be automatically mapped to RBAC so nodes can connect to the cluster. No manual mapping is required. For example, let's say you want to grant an IAM user administrative privileges on your cluster: \`\`\`ts const adminUser = new iam.User(this, 'Admin'); cluster.awsAuth.addUserMapping(adminUser, { groups: [ 'system:masters' ]}); \`\`\` A convenience method for mapping a role to the \`system:masters\` group is also available: \`\`\`ts cluster.awsAuth.addMastersRole(role) \`\`\` ### Cluster Security Group When you create an Amazon EKS cluster, a [cluster security group](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) is automatically created as well. This security group is designed to allow all traffic from the control plane and managed node groups to flow freely between each other. The ID for that security group can be retrieved after creating the cluster. \`\`\`ts const clusterSecurityGroupId = cluster.clusterSecurityGroupId; \`\`\` ### Node SSH Access If you want to be able to SSH into your worker nodes, you must already have an SSH key in the region you're connecting to and pass it when you add capacity to the cluster. You must also be able to connect to the hosts (meaning they must have a public IP and you should be allowed to connect to them on port 22): See [SSH into nodes](test/example.ssh-into-nodes.lit.ts) for a code example. If you want to SSH into nodes in a private subnet, you should set up a bastion host in a public subnet. That setup is recommended, but is unfortunately beyond the scope of this documentation. ### Service Accounts With services account you can provide Kubernetes Pods access to AWS resources. \`\`\`ts // add service account const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); const mypod = cluster.addManifest('mypod', { apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { serviceAccountName: sa.serviceAccountName containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ], } ] } }); // create the resource after the service account. mypod.node.addDependency(sa); // print the IAM role arn for this service account new cdk.CfnOutput(this, 'ServiceAccountIamRole', { value: sa.role.roleArn }) \`\`\` Note that using \`sa.serviceAccountName\` above **does not** translate into a resource dependency. This is why an explicit dependency is needed. See for more details. You can also add service accounts to existing clusters. To do so, pass the \`openIdConnectProvider\` property when you import the cluster into the application. \`\`\`ts // you can import an existing provider const provider = eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(this, 'Provider', 'arn:aws:iam::123456:oidc-provider/oidc.eks.eu-west-1.amazonaws.com/id/AB123456ABC'); // or create a new one using an existing issuer url const provider = new eks.OpenIdConnectProvider(this, 'Provider', issuerUrl); const cluster = eks.Cluster.fromClusterAttributes({ clusterName: 'Cluster', openIdConnectProvider: provider, kubectlRoleArn: 'arn:aws:iam::123456:role/service-role/k8sservicerole', }); const sa = cluster.addServiceAccount('MyServiceAccount'); const bucket = new Bucket(this, 'Bucket'); bucket.grantReadWrite(serviceAccount); // ... \`\`\` Note that adding service accounts requires running \`kubectl\` commands against the cluster. This means you must also pass the \`kubectlRoleArn\` when importing the cluster. See [Using existing Clusters](https://github.com/aws/aws-cdk/tree/master/packages/@aws-cdk/aws-eks#using-existing-clusters). ## Applying Kubernetes Resources The library supports several popular resource deployment mechanisms, among which are: ### Kubernetes Manifests The \`KubernetesManifest\` construct or \`cluster.addManifest\` method can be used to apply Kubernetes resource manifests to this cluster. > When using \`cluster.addManifest\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new KubernetesManifest\` to create the manifest in the scope of the other stack. The following examples will deploy the [paulbouwer/hello-kubernetes](https://github.com/paulbouwer/hello-kubernetes) service on the cluster: \`\`\`ts const appLabel = { app: "hello-kubernetes" }; const deployment = { apiVersion: "apps/v1", kind: "Deployment", metadata: { name: "hello-kubernetes" }, spec: { replicas: 3, selector: { matchLabels: appLabel }, template: { metadata: { labels: appLabel }, spec: { containers: [ { name: "hello-kubernetes", image: "paulbouwer/hello-kubernetes:1.5", ports: [ { containerPort: 8080 } ] } ] } } } }; const service = { apiVersion: "v1", kind: "Service", metadata: { name: "hello-kubernetes" }, spec: { type: "LoadBalancer", ports: [ { port: 80, targetPort: 8080 } ], selector: appLabel } }; // option 1: use a construct new KubernetesManifest(this, 'hello-kub', { cluster, manifest: [ deployment, service ] }); // or, option2: use \`addManifest\` cluster.addManifest('hello-kub', service, deployment); \`\`\` #### Adding resources from a URL The following example will deploy the resource manifest hosting on remote server: \`\`\`ts import * as yaml from 'js-yaml'; import * as request from 'sync-request'; const manifestUrl = 'https://url/of/manifest.yaml'; const manifest = yaml.safeLoadAll(request('GET', manifestUrl).getBody()); cluster.addManifest('my-resource', ...manifest); \`\`\` #### Dependencies There are cases where Kubernetes resources must be deployed in a specific order. For example, you cannot define a resource in a Kubernetes namespace before the namespace was created. You can represent dependencies between \`KubernetesManifest\`s using \`resource.node.addDependency()\`: \`\`\`ts const namespace = cluster.addManifest('my-namespace', { apiVersion: 'v1', kind: 'Namespace', metadata: { name: 'my-app' } }); const service = cluster.addManifest('my-service', { metadata: { name: 'myservice', namespace: 'my-app' }, spec: // ... }); service.node.addDependency(namespace); // will apply \`my-namespace\` before \`my-service\`. \`\`\` **NOTE:** when a \`KubernetesManifest\` includes multiple resources (either directly or through \`cluster.addManifest()\`) (e.g. \`cluster.addManifest('foo', r1, r2, r3,...)\`), these resources will be applied as a single manifest via \`kubectl\` and will be applied sequentially (the standard behavior in \`kubectl\`). --- Since Kubernetes manifests are implemented as CloudFormation resources in the CDK. This means that if the manifest is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`kubectl delete\` command and the Kubernetes resources in that manifest will be deleted. #### Resource Pruning When a resource is deleted from a Kubernetes manifest, the EKS module will automatically delete these resources by injecting a _prune label_ to all manifest resources. This label is then passed to [\`kubectl apply --prune\`]. [\`kubectl apply --prune\`]: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label Pruning is enabled by default but can be disabled through the \`prune\` option when a cluster is defined: \`\`\`ts new Cluster(this, 'MyCluster', { prune: false }); \`\`\` #### Manifests Validation The \`kubectl\` CLI supports applying a manifest by skipping the validation. This can be accomplished by setting the \`skipValidation\` flag to \`true\` in the \`KubernetesManifest\` props. \`\`\`ts new eks.KubernetesManifest(this, 'HelloAppWithoutValidation', { cluster: this.cluster, manifest: [ deployment, service ], skipValidation: true, }); \`\`\` ### Helm Charts The \`HelmChart\` construct or \`cluster.addHelmChart\` method can be used to add Kubernetes resources to this cluster using Helm. > When using \`cluster.addHelmChart\`, the manifest construct is defined within the cluster's stack scope. If the manifest contains > attributes from a different stack which depend on the cluster stack, a circular dependency will be created and you will get a synth time error. > To avoid this, directly use \`new HelmChart\` to create the chart in the scope of the other stack. The following example will install the [NGINX Ingress Controller](https://kubernetes.github.io/ingress-nginx/) to your cluster using Helm. \`\`\`ts // option 1: use a construct new HelmChart(this, 'NginxIngress', { cluster, chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); // or, option2: use \`addHelmChart\` cluster.addHelmChart('NginxIngress', { chart: 'nginx-ingress', repository: 'https://helm.nginx.com/stable', namespace: 'kube-system' }); \`\`\` Helm charts will be installed and updated using \`helm upgrade --install\`, where a few parameters are being passed down (such as \`repo\`, \`values\`, \`version\`, \`namespace\`, \`wait\`, \`timeout\`, etc). This means that if the chart is added to CDK with the same release name, it will try to update the chart in the cluster. Helm charts are implemented as CloudFormation resources in CDK. This means that if the chart is deleted from your code (or the stack is deleted), the next \`cdk deploy\` will issue a \`helm uninstall\` command and the Helm chart will be deleted. When there is no \`release\` defined, a unique ID will be allocated for the release based on the construct path. By default, all Helm charts will be installed concurrently. In some cases, this could cause race conditions where two Helm charts attempt to deploy the same resource or if Helm charts depend on each other. You can use \`chart.node.addDependency()\` in order to declare a dependency order between charts: \`\`\`ts const chart1 = cluster.addHelmChart(...); const chart2 = cluster.addHelmChart(...); chart2.node.addDependency(chart1); \`\`\` #### CDK8s Charts [CDK8s](https://cdk8s.io/) is an open-source library that enables Kubernetes manifest authoring using familiar programming languages. It is founded on the same technologies as the AWS CDK, such as [\`constructs\`](https://github.com/aws/constructs) and [\`jsii\`](https://github.com/aws/jsii). > To learn more about cdk8s, visit the [Getting Started](https://github.com/awslabs/cdk8s/tree/master/docs/getting-started) tutorials. The EKS module natively integrates with cdk8s and allows you to apply cdk8s charts on AWS EKS clusters via the \`cluster.addCdk8sChart\` method. In addition to \`cdk8s\`, you can also use [\`cdk8s+\`](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-plus), which provides higher level abstraction for the core kubernetes api objects. You can think of it like the \`L2\` constructs for Kubernetes. Any other \`cdk8s\` based libraries are also supported, for example [\`cdk8s-debore\`](https://github.com/toricls/cdk8s-debore). To get started, add the following dependencies to your \`package.json\` file: \`\`\`json "dependencies": { "cdk8s": "0.30.0", "cdk8s-plus": "0.30.0", "constructs": "3.0.4" } \`\`\` > Note that the version of \`cdk8s\` must be \`>=0.30.0\`. Similarly to how you would create a stack by extending \`@aws-cdk/core.Stack\`, we recommend you create a chart of your own that extends \`cdk8s.Chart\`, and add your kubernetes resources to it. You can use \`aws-cdk\` construct attributes and properties inside your \`cdk8s\` construct freely. In this example we create a chart that accepts an \`s3.Bucket\` and passes its name to a kubernetes pod as an environment variable. Notice that the chart must accept a \`constructs.Construct\` type as its scope, not an \`@aws-cdk/core.Construct\` as you would normally use. For this reason, to avoid possible confusion, we will create the chart in a separate file: \`+ my-chart.ts\` \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface MyChartProps { readonly bucket: s3.Bucket; } export class MyChart extends cdk8s.Chart { constructor(scope: constructs.Construct, id: string, props: MyChartProps) { super(scope, id); new kplus.Pod(this, 'Pod', { spec: { containers: [ new kplus.Container({ image: 'my-image', env: { BUCKET_NAME: kplus.EnvValue.fromValue(props.bucket.bucketName), }, }), ], }, }); } } \`\`\` Then, in your AWS CDK app: \`\`\`ts import { aws_s3 as s3 } from 'aws-cdk-lib'; import * as cdk8s from 'cdk8s'; import { MyChart } from './my-chart'; // some bucket.. const bucket = new s3.Bucket(this, 'Bucket'); // create a cdk8s chart and use \`cdk8s.App\` as the scope. const myChart = new MyChart(new cdk8s.App(), 'MyChart', { bucket }); // add the cdk8s chart to the cluster cluster.addCdk8sChart('my-chart', myChart); \`\`\` ##### Custom CDK8s Constructs You can also compose a few stock \`cdk8s+\` constructs into your own custom construct. However, since mixing scopes between \`aws-cdk\` and \`cdk8s\` is currently not supported, the \`Construct\` class you'll need to use is the one from the [\`constructs\`](https://github.com/aws/constructs) module, and not from \`@aws-cdk/core\` like you normally would. This is why we used \`new cdk8s.App()\` as the scope of the chart above. \`\`\`ts import * as constructs from 'constructs'; import * as cdk8s from 'cdk8s'; import * as kplus from 'cdk8s-plus'; export interface LoadBalancedWebService { readonly port: number; readonly image: string; readonly replicas: number; } export class LoadBalancedWebService extends constructs.Construct { constructor(scope: constructs.Construct, id: string, props: LoadBalancedWebService) { super(scope, id); const deployment = new kplus.Deployment(chart, 'Deployment', { spec: { replicas: props.replicas, podSpecTemplate: { containers: [ new kplus.Container({ image: props.image }) ] } }, }); deployment.expose({port: props.port, serviceType: kplus.ServiceType.LOAD_BALANCER}) } } \`\`\` ##### Manually importing k8s specs and CRD's If you find yourself unable to use \`cdk8s+\`, or just like to directly use the \`k8s\` native objects or CRD's, you can do so by manually importing them using the \`cdk8s-cli\`. See [Importing kubernetes objects](https://github.com/awslabs/cdk8s/tree/master/packages/cdk8s-cli#import) for detailed instructions. ## Patching Kubernetes Resources The \`KubernetesPatch\` construct can be used to update existing kubernetes resources. The following example can be used to patch the \`hello-kubernetes\` deployment from the example above with 5 replicas. \`\`\`ts new KubernetesPatch(this, 'hello-kub-deployment-label', { cluster, resourceName: "deployment/hello-kubernetes", applyPatch: { spec: { replicas: 5 } }, restorePatch: { spec: { replicas: 3 } } }) \`\`\` ## Querying Kubernetes Resources The \`KubernetesObjectValue\` construct can be used to query for information about kubernetes objects, and use that as part of your CDK application. For example, you can fetch the address of a [\`LoadBalancer\`](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) type service: \`\`\`ts // query the load balancer address const myServiceAddress = new KubernetesObjectValue(this, 'LoadBalancerAttribute', { cluster: cluster, objectType: 'service', objectName: 'my-service', jsonPath: '.status.loadBalancer.ingress[0].hostname', // https://kubernetes.io/docs/reference/kubectl/jsonpath/ }); // pass the address to a lambda function const proxyFunction = new lambda.Function(this, 'ProxyFunction', { ... environment: { myServiceAddress: myServiceAddress.value }, }) \`\`\` Specifically, since the above use-case is quite common, there is an easier way to access that information: \`\`\`ts const loadBalancerAddress = cluster.getServiceLoadBalancerAddress('my-service'); \`\`\` ## Using existing clusters The Amazon EKS library allows defining Kubernetes resources such as [Kubernetes manifests](#kubernetes-resources) and [Helm charts](#helm-charts) on clusters that are not defined as part of your CDK app. First, you'll need to "import" a cluster to your CDK app. To do that, use the \`eks.Cluster.fromClusterAttributes()\` static method: \`\`\`ts const cluster = eks.Cluster.fromClusterAttributes(this, 'MyCluster', { clusterName: 'my-cluster-name', kubectlRoleArn: 'arn:aws:iam::1111111:role/iam-role-that-has-masters-access', }); \`\`\` Then, you can use \`addManifest\` or \`addHelmChart\` to define resources inside your Kubernetes cluster. For example: \`\`\`ts cluster.addManifest('Test', { apiVersion: 'v1', kind: 'ConfigMap', metadata: { name: 'myconfigmap', }, data: { Key: 'value', Another: '123454', }, }); \`\`\` At the minimum, when importing clusters for \`kubectl\` management, you will need to specify: * \`clusterName\` - the name of the cluster. * \`kubectlRoleArn\` - the ARN of an IAM role mapped to the \`system:masters\` RBAC role. If the cluster you are importing was created using the AWS CDK, the CloudFormation stack has an output that includes an IAM role that can be used. Otherwise, you can create an IAM role and map it to \`system:masters\` manually. The trust policy of this role should include the the \`arn:aws::iam::\${accountId}:root\` principal in order to allow the execution role of the kubectl resource to assume it. If the cluster is configured with private-only or private and restricted public Kubernetes [endpoint access](#endpoint-access), you must also specify: * \`kubectlSecurityGroupId\` - the ID of an EC2 security group that is allowed connections to the cluster's control security group. For example, the EKS managed [cluster security group](#cluster-security-group). * \`kubectlPrivateSubnetIds\` - a list of private VPC subnets IDs that will be used to access the Kubernetes endpoint. ## Known Issues and Limitations * [One cluster per stack](https://github.com/aws/aws-cdk/issues/10073) * [Service Account dependencies](https://github.com/aws/aws-cdk/issues/9910) * [Support isolated VPCs](https://github.com/aws/aws-cdk/issues/12171) # API Reference ## Constructs ### AwsAuth Manages mapping between IAM users and roles to Kubernetes RBAC configuration. > [https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html](https://docs.aws.amazon.com/en_us/eks/latest/userguide/add-user-role.html) #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.AwsAuth(scope: Construct, id: string, props: AwsAuthProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | AwsAuthProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* AwsAuthProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | addAccount | Additional AWS account to add to the aws-auth configmap. | | addMastersRole | Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. | | addRoleMapping | Adds a mapping between an IAM role to a Kubernetes user and groups. | | addUserMapping | Adds a mapping between an IAM user to a Kubernetes user and groups. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`addAccount\` \`\`\`typescript public addAccount(accountId: string): void \`\`\` Additional AWS account to add to the aws-auth configmap. ###### \`accountId\`Required - *Type:* string account number. --- ##### \`addMastersRole\` \`\`\`typescript public addMastersRole(role: IRole, username?: string): void \`\`\` Adds the specified IAM role to the \`system:masters\` RBAC group, which means that anyone that can assume it will be able to administer this Kubernetes system. ###### \`role\`Required - *Type:* aws-cdk-lib.aws_iam.IRole The IAM role to add. --- ###### \`username\`Optional - *Type:* string Optional user (defaults to the role ARN). --- ##### \`addRoleMapping\` \`\`\`typescript public addRoleMapping(role: IRole, mapping: AwsAuthMapping): void \`\`\` Adds a mapping between an IAM role to a Kubernetes user and groups. ###### \`role\`Required - *Type:* aws-cdk-lib.aws_iam.IRole The IAM role to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- ##### \`addUserMapping\` \`\`\`typescript public addUserMapping(user: IUser, mapping: AwsAuthMapping): void \`\`\` Adds a mapping between an IAM user to a Kubernetes user and groups. ###### \`user\`Required - *Type:* aws-cdk-lib.aws_iam.IUser The IAM user to map. --- ###### \`mapping\`Required - *Type:* AwsAuthMapping Mapping to k8s user name and groups. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.AwsAuth.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ### CfnAddon - *Implements:* aws-cdk-lib.IInspectable A CloudFormation \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.CfnAddon(scope: Construct, id: string, props: CfnAddonProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnAddonProps | - resource properties. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnAddonProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws-cdk-lib.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws-cdk-lib.RemovalPolicy --- ###### \`options\`Optional - *Type:* aws-cdk-lib.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws-cdk-lib.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnAddon.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isCfnElement\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnAddon.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnAddon.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | aws-cdk-lib.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | aws-cdk-lib.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | tags | aws-cdk-lib.TagManager | \`AWS::EKS::Addon.Tags\`. | | addonName | string | \`AWS::EKS::Addon.AddonName\`. | | clusterName | string | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | string | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | string | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* aws-cdk-lib.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* aws-cdk-lib.TagManager \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ##### \`addonName\`Required \`\`\`typescript public readonly addonName: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional \`\`\`typescript public readonly addonVersion: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional \`\`\`typescript public readonly resolveConflicts: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional \`\`\`typescript public readonly serviceAccountRoleArn: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnCluster - *Implements:* aws-cdk-lib.IInspectable A CloudFormation \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.CfnCluster(scope: Construct, id: string, props: CfnClusterProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnClusterProps | - resource properties. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnClusterProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws-cdk-lib.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws-cdk-lib.RemovalPolicy --- ###### \`options\`Optional - *Type:* aws-cdk-lib.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws-cdk-lib.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnCluster.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isCfnElement\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnCluster.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnCluster.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | aws-cdk-lib.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | aws-cdk-lib.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | attrCertificateAuthorityData | string | *No description.* | | attrClusterSecurityGroupId | string | *No description.* | | attrEncryptionConfigKeyArn | string | *No description.* | | attrEndpoint | string | *No description.* | | attrOpenIdConnectIssuerUrl | string | *No description.* | | resourcesVpcConfig | ResourcesVpcConfigProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | string | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | aws-cdk-lib.IResolvable \\| EncryptionConfigProperty \\| aws-cdk-lib.IResolvable[] | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | string | \`AWS::EKS::Cluster.Name\`. | | version | string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* aws-cdk-lib.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`attrCertificateAuthorityData\`Required \`\`\`typescript public readonly attrCertificateAuthorityData: string; \`\`\` - *Type:* string --- ##### \`attrClusterSecurityGroupId\`Required \`\`\`typescript public readonly attrClusterSecurityGroupId: string; \`\`\` - *Type:* string --- ##### \`attrEncryptionConfigKeyArn\`Required \`\`\`typescript public readonly attrEncryptionConfigKeyArn: string; \`\`\` - *Type:* string --- ##### \`attrEndpoint\`Required \`\`\`typescript public readonly attrEndpoint: string; \`\`\` - *Type:* string --- ##### \`attrOpenIdConnectIssuerUrl\`Required \`\`\`typescript public readonly attrOpenIdConnectIssuerUrl: string; \`\`\` - *Type:* string --- ##### \`resourcesVpcConfig\`Required \`\`\`typescript public readonly resourcesVpcConfig: ResourcesVpcConfigProperty | IResolvable; \`\`\` - *Type:* ResourcesVpcConfigProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required \`\`\`typescript public readonly roleArn: string; \`\`\` - *Type:* string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional \`\`\`typescript public readonly encryptionConfig: IResolvable | EncryptionConfigProperty | IResolvable[]; \`\`\` - *Type:* aws-cdk-lib.IResolvable | EncryptionConfigProperty | aws-cdk-lib.IResolvable[] \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional \`\`\`typescript public readonly kubernetesNetworkConfig: KubernetesNetworkConfigProperty | IResolvable; \`\`\` - *Type:* KubernetesNetworkConfigProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`typescript public readonly name: string; \`\`\` - *Type:* string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnFargateProfile - *Implements:* aws-cdk-lib.IInspectable A CloudFormation \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.CfnFargateProfile(scope: Construct, id: string, props: CfnFargateProfileProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnFargateProfileProps | - resource properties. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnFargateProfileProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws-cdk-lib.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws-cdk-lib.RemovalPolicy --- ###### \`options\`Optional - *Type:* aws-cdk-lib.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws-cdk-lib.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnFargateProfile.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isCfnElement\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnFargateProfile.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnFargateProfile.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | aws-cdk-lib.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | aws-cdk-lib.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | tags | aws-cdk-lib.TagManager | \`AWS::EKS::FargateProfile.Tags\`. | | clusterName | string | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | aws-cdk-lib.IResolvable \\| SelectorProperty \\| aws-cdk-lib.IResolvable[] | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | string[] | \`AWS::EKS::FargateProfile.Subnets\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* aws-cdk-lib.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* aws-cdk-lib.TagManager \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required \`\`\`typescript public readonly podExecutionRoleArn: string; \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`typescript public readonly selectors: IResolvable | SelectorProperty | IResolvable[]; \`\`\` - *Type:* aws-cdk-lib.IResolvable | SelectorProperty | aws-cdk-lib.IResolvable[] \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional \`\`\`typescript public readonly fargateProfileName: string; \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`typescript public readonly subnets: string[]; \`\`\` - *Type:* string[] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### CfnNodegroup - *Implements:* aws-cdk-lib.IInspectable A CloudFormation \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.CfnNodegroup(scope: Construct, id: string, props: CfnNodegroupProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | - scope in which this resource is defined. | | id | string | - scoped id of the resource. | | props | CfnNodegroupProps | - resource properties. | --- ##### \`scope\`Required - *Type:* constructs.Construct scope in which this resource is defined. --- ##### \`id\`Required - *Type:* string scoped id of the resource. --- ##### \`props\`Required - *Type:* CfnNodegroupProps resource properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | overrideLogicalId | Overrides the auto-generated logical ID with a specific ID. | | addDeletionOverride | Syntactic sugar for \`addOverride(path, undefined)\`. | | addDependsOn | Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. | | addMetadata | Add a value to the CloudFormation Resource Metadata. | | addOverride | Adds an override to the synthesized CloudFormation resource. | | addPropertyDeletionOverride | Adds an override that deletes the value of a property from the resource definition. | | addPropertyOverride | Adds an override to a resource property. | | applyRemovalPolicy | Sets the deletion policy of the resource based on the removal policy specified. | | getAtt | Returns a token for an runtime attribute of this resource. | | getMetadata | Retrieve a value value from the CloudFormation Resource Metadata. | | inspect | Examines the CloudFormation resource and discloses attributes. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`overrideLogicalId\` \`\`\`typescript public overrideLogicalId(newLogicalId: string): void \`\`\` Overrides the auto-generated logical ID with a specific ID. ###### \`newLogicalId\`Required - *Type:* string The new logical ID to use for this stack element. --- ##### \`addDeletionOverride\` \`\`\`typescript public addDeletionOverride(path: string): void \`\`\` Syntactic sugar for \`addOverride(path, undefined)\`. ###### \`path\`Required - *Type:* string The path of the value to delete. --- ##### \`addDependsOn\` \`\`\`typescript public addDependsOn(target: CfnResource): void \`\`\` Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. This can be used for resources across stacks (or nested stack) boundaries and the dependency will automatically be transferred to the relevant scope. ###### \`target\`Required - *Type:* aws-cdk-lib.CfnResource --- ##### \`addMetadata\` \`\`\`typescript public addMetadata(key: string, value: any): void \`\`\` Add a value to the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ###### \`value\`Required - *Type:* any --- ##### \`addOverride\` \`\`\`typescript public addOverride(path: string, value: any): void \`\`\` Adds an override to the synthesized CloudFormation resource. To add a property override, either use \`addPropertyOverride\` or prefix \`path\` with "Properties." (i.e. \`Properties.TopicName\`). If the override is nested, separate each nested level using a dot (.) in the path parameter. If there is an array as part of the nesting, specify the index in the path. To include a literal \`.\` in the property name, prefix with a \`\\\`. In most programming languages you will need to write this as \`"\\\\."\` because the \`\\\` itself will need to be escaped. For example, \`\`\`typescript cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); \`\`\` would add the overrides \`\`\`json "Properties": { "GlobalSecondaryIndexes": [ { "Projection": { "NonKeyAttributes": [ "myattribute" ] ... } ... }, { "ProjectionType": "INCLUDE" ... }, ] ... } \`\`\` ###### \`path\`Required - *Type:* string The path of the property, you can use dot notation to override values in complex types. Any intermdediate keys will be created as needed. --- ###### \`value\`Required - *Type:* any The value. Could be primitive or complex. --- ##### \`addPropertyDeletionOverride\` \`\`\`typescript public addPropertyDeletionOverride(propertyPath: string): void \`\`\` Adds an override that deletes the value of a property from the resource definition. ###### \`propertyPath\`Required - *Type:* string The path to the property. --- ##### \`addPropertyOverride\` \`\`\`typescript public addPropertyOverride(propertyPath: string, value: any): void \`\`\` Adds an override to a resource property. Syntactic sugar for \`addOverride("Properties.<...>", value)\`. ###### \`propertyPath\`Required - *Type:* string The path of the property. --- ###### \`value\`Required - *Type:* any The value. --- ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy?: RemovalPolicy, options?: RemovalPolicyOptions): void \`\`\` Sets the deletion policy of the resource based on the removal policy specified. ###### \`policy\`Optional - *Type:* aws-cdk-lib.RemovalPolicy --- ###### \`options\`Optional - *Type:* aws-cdk-lib.RemovalPolicyOptions --- ##### \`getAtt\` \`\`\`typescript public getAtt(attributeName: string): Reference \`\`\` Returns a token for an runtime attribute of this resource. Ideally, use generated attribute accessors (e.g. \`resource.arn\`), but this can be used for future compatibility in case there is no generated attribute. ###### \`attributeName\`Required - *Type:* string The name of the attribute. --- ##### \`getMetadata\` \`\`\`typescript public getMetadata(key: string): any \`\`\` Retrieve a value value from the CloudFormation Resource Metadata. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html Note that this is a different set of metadata from CDK node metadata; this metadata ends up in the stack template under the resource, whereas CDK node metadata ends up in the Cloud Assembly.) ###### \`key\`Required - *Type:* string --- ##### \`inspect\` \`\`\`typescript public inspect(inspector: TreeInspector): void \`\`\` Examines the CloudFormation resource and discloses attributes. ###### \`inspector\`Required - *Type:* aws-cdk-lib.TreeInspector tree inspector to collect and process attributes. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isCfnElement | Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). | | isCfnResource | Check whether the given construct is a CfnResource. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnNodegroup.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isCfnElement\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnNodegroup.isCfnElement(x: any) \`\`\` Returns \`true\` if a construct is a stack element (i.e. part of the synthesized cloudformation template). Uses duck-typing instead of \`instanceof\` to allow stack elements from different versions of this library to be included in the same stack. ###### \`x\`Required - *Type:* any --- ##### \`isCfnResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.CfnNodegroup.isCfnResource(construct: IConstruct) \`\`\` Check whether the given construct is a CfnResource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | creationStack | string[] | *No description.* | | logicalId | string | The logical ID for this CloudFormation stack element. | | stack | aws-cdk-lib.Stack | The stack in which this element is defined. | | ref | string | Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. | | cfnOptions | aws-cdk-lib.ICfnResourceOptions | Options for this resource, such as condition, update policy etc. | | cfnResourceType | string | AWS resource type. | | attrArn | string | *No description.* | | attrClusterName | string | *No description.* | | attrNodegroupName | string | *No description.* | | tags | aws-cdk-lib.TagManager | \`AWS::EKS::Nodegroup.Tags\`. | | clusterName | string | \`AWS::EKS::Nodegroup.ClusterName\`. | | labels | any | \`AWS::EKS::Nodegroup.Labels\`. | | nodeRole | string | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | string[] | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | string | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | string | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | boolean \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | string[] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | launchTemplate | LaunchTemplateSpecificationProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | taints | aws-cdk-lib.IResolvable \\| TaintProperty \\| aws-cdk-lib.IResolvable[] | \`AWS::EKS::Nodegroup.Taints\`. | | version | string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`creationStack\`Required \`\`\`typescript public readonly creationStack: string[]; \`\`\` - *Type:* string[] --- ##### \`logicalId\`Required \`\`\`typescript public readonly logicalId: string; \`\`\` - *Type:* string The logical ID for this CloudFormation stack element. The logical ID of the element is calculated from the path of the resource node in the construct tree. To override this value, use \`overrideLogicalId(newLogicalId)\`. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this element is defined. CfnElements must be defined within a stack scope (directly or indirectly). --- ##### \`ref\`Required \`\`\`typescript public readonly ref: string; \`\`\` - *Type:* string Return a string that will be resolved to a CloudFormation \`{ Ref }\` for this element. If, by any chance, the intrinsic reference of a resource is not a string, you could coerce it to an IResolvable through \`Lazy.any({ produce: resource.ref })\`. --- ##### \`cfnOptions\`Required \`\`\`typescript public readonly cfnOptions: ICfnResourceOptions; \`\`\` - *Type:* aws-cdk-lib.ICfnResourceOptions Options for this resource, such as condition, update policy etc. --- ##### \`cfnResourceType\`Required \`\`\`typescript public readonly cfnResourceType: string; \`\`\` - *Type:* string AWS resource type. --- ##### \`attrArn\`Required \`\`\`typescript public readonly attrArn: string; \`\`\` - *Type:* string --- ##### \`attrClusterName\`Required \`\`\`typescript public readonly attrClusterName: string; \`\`\` - *Type:* string --- ##### \`attrNodegroupName\`Required \`\`\`typescript public readonly attrNodegroupName: string; \`\`\` - *Type:* string --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* aws-cdk-lib.TagManager \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`labels\`Required \`\`\`typescript public readonly labels: any; \`\`\` - *Type:* any \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`nodeRole\`Required \`\`\`typescript public readonly nodeRole: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`typescript public readonly subnets: string[]; \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional \`\`\`typescript public readonly amiType: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional \`\`\`typescript public readonly capacityType: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional \`\`\`typescript public readonly diskSize: number; \`\`\` - *Type:* number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional \`\`\`typescript public readonly forceUpdateEnabled: boolean | IResolvable; \`\`\` - *Type:* boolean | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional \`\`\`typescript public readonly instanceTypes: string[]; \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`launchTemplate\`Optional \`\`\`typescript public readonly launchTemplate: LaunchTemplateSpecificationProperty | IResolvable; \`\`\` - *Type:* LaunchTemplateSpecificationProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional \`\`\`typescript public readonly nodegroupName: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional \`\`\`typescript public readonly releaseVersion: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional \`\`\`typescript public readonly remoteAccess: RemoteAccessProperty | IResolvable; \`\`\` - *Type:* RemoteAccessProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional \`\`\`typescript public readonly scalingConfig: ScalingConfigProperty | IResolvable; \`\`\` - *Type:* ScalingConfigProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`taints\`Optional \`\`\`typescript public readonly taints: IResolvable | TaintProperty | IResolvable[]; \`\`\` - *Type:* aws-cdk-lib.IResolvable | TaintProperty | aws-cdk-lib.IResolvable[] \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | CFN_RESOURCE_TYPE_NAME | string | The CloudFormation resource type name for this resource class. | --- ##### \`CFN_RESOURCE_TYPE_NAME\`Required \`\`\`typescript public readonly CFN_RESOURCE_TYPE_NAME: string; \`\`\` - *Type:* string The CloudFormation resource type name for this resource class. --- ### Cluster - *Implements:* ICluster A Cluster represents a managed Kubernetes Service (EKS). This is a fully managed cluster of API Servers (control-plane) The user is still required to create the worker nodes. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.Cluster(scope: Construct, id: string, props: ClusterProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | a Construct, most likely a cdk.Stack created. | | id | string | the id of the Construct to create. | | props | ClusterProps | properties in the IClusterProps interface. | --- ##### \`scope\`Required - *Type:* constructs.Construct a Construct, most likely a cdk.Stack created. --- ##### \`id\`Required - *Type:* string the id of the Construct to create. --- ##### \`props\`Required - *Type:* ClusterProps properties in the IClusterProps interface. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addFargateProfile | Adds a Fargate profile to this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | connectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | getServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws-cdk-lib.RemovalPolicy --- ##### \`addAutoScalingGroupCapacity\` \`\`\`typescript public addAutoScalingGroupCapacity(id: string, options: AutoScalingGroupCapacityOptions): AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* string --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`addCdk8sChart\` \`\`\`typescript public addCdk8sChart(id: string, chart: Construct): KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* string logical id of this chart. --- ###### \`chart\`Required - *Type:* constructs.Construct the cdk8s chart. --- ##### \`addFargateProfile\` \`\`\`typescript public addFargateProfile(id: string, options: FargateProfileOptions): FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* string the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`addHelmChart\` \`\`\`typescript public addHelmChart(id: string, options: HelmChartOptions): HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`typescript public addManifest(id: string, manifest: {[ key: string ]: any}): KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* {[ key: string ]: any} a list of Kubernetes resource specifications. --- ##### \`addNodegroupCapacity\` \`\`\`typescript public addNodegroupCapacity(id: string, options?: NodegroupOptions): Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* string The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`addServiceAccount\` \`\`\`typescript public addServiceAccount(id: string, options?: ServiceAccountOptions): ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`connectAutoScalingGroupCapacity\` \`\`\`typescript public connectAutoScalingGroupCapacity(autoScalingGroup: AutoScalingGroup, options: AutoScalingGroupOptions): void \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* aws-cdk-lib.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`getServiceLoadBalancerAddress\` \`\`\`typescript public getServiceLoadBalancerAddress(serviceName: string, options?: ServiceLoadBalancerAddressOptions): string \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* string The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromClusterAttributes | Import an existing cluster. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.Cluster.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.Cluster.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`fromClusterAttributes\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.Cluster.fromClusterAttributes(scope: Construct, id: string, attrs: ClusterAttributes) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* string the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | | stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | | adminRole | aws-cdk-lib.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | awsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | clusterArn | string | The AWS generated ARN for the Cluster resource. | | clusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | string | The endpoint URL for the Cluster. | | clusterName | string | The Name of the created EKS Cluster. | | clusterOpenIdConnectIssuer | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | clusterOpenIdConnectIssuerUrl | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | clusterSecurityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | aws-cdk-lib.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | openIdConnectProvider | aws-cdk-lib.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | boolean | Determines if Kubernetes resources can be pruned automatically. | | role | aws-cdk-lib.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which this Cluster was created. | | defaultCapacity | aws-cdk-lib.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | defaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectlEnvironment | {[ key: string ]: string} | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | aws-cdk-lib.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectlMemory | aws-cdk-lib.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectlPrivateSubnets | aws-cdk-lib.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | aws-cdk-lib.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* aws-cdk-lib.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this resource is defined. --- ##### \`adminRole\`Required \`\`\`typescript public readonly adminRole: Role; \`\`\` - *Type:* aws-cdk-lib.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`awsAuth\`Required \`\`\`typescript public readonly awsAuth: AwsAuth; \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`clusterArn\`Required \`\`\`typescript public readonly clusterArn: string; \`\`\` - *Type:* string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`typescript arn:aws:eks:us-west-2:666666666666:cluster/prod \`\`\` ##### \`clusterCertificateAuthorityData\`Required \`\`\`typescript public readonly clusterCertificateAuthorityData: string; \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`typescript public readonly clusterEncryptionConfigKeyArn: string; \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`typescript public readonly clusterEndpoint: string; \`\`\` - *Type:* string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`typescript https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com \`\`\` ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string The Name of the created EKS Cluster. --- ##### \`clusterOpenIdConnectIssuer\`Required \`\`\`typescript public readonly clusterOpenIdConnectIssuer: string; \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterOpenIdConnectIssuerUrl\`Required \`\`\`typescript public readonly clusterOpenIdConnectIssuerUrl: string; \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterSecurityGroup\`Required \`\`\`typescript public readonly clusterSecurityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`typescript public readonly clusterSecurityGroupId: string; \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`typescript public readonly connections: Connections; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`typescript public readonly openIdConnectProvider: IOpenIdConnectProvider; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`defaultCapacity\`Optional \`\`\`typescript public readonly defaultCapacity: AutoScalingGroup; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`defaultNodegroup\`Optional \`\`\`typescript public readonly defaultNodegroup: Nodegroup; \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectlEnvironment\`Optional \`\`\`typescript public readonly kubectlEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`typescript public readonly kubectlLayer: ILayerVersion; \`\`\` - *Type:* aws-cdk-lib.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`typescript public readonly kubectlMemory: Size; \`\`\` - *Type:* aws-cdk-lib.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`typescript public readonly kubectlPrivateSubnets: ISubnet[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISubnet[] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectlRole\`Optional \`\`\`typescript public readonly kubectlRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`typescript public readonly kubectlSecurityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateCluster Defines an EKS cluster that runs entirely on AWS Fargate. The cluster is created with a default Fargate Profile that matches the "default" and "kube-system" namespaces. You can add additional profiles using \`addFargateProfile\`. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.FargateCluster(scope: Construct, id: string, props: FargateClusterProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | FargateClusterProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* FargateClusterProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | | addAutoScalingGroupCapacity | Add nodes to this EKS cluster. | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addFargateProfile | Adds a Fargate profile to this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addNodegroupCapacity | Add managed nodegroup to this Amazon EKS cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | | connectAutoScalingGroupCapacity | Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. | | getServiceLoadBalancerAddress | Fetch the load balancer address of a service of type 'LoadBalancer'. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws-cdk-lib.RemovalPolicy --- ##### \`addAutoScalingGroupCapacity\` \`\`\`typescript public addAutoScalingGroupCapacity(id: string, options: AutoScalingGroupCapacityOptions): AutoScalingGroup \`\`\` Add nodes to this EKS cluster. The nodes will automatically be configured with the right VPC and AMI for the instance type and Kubernetes version. Note that if you specify \`updateType: RollingUpdate\` or \`updateType: ReplacingUpdate\`, your nodes might be replaced at deploy time without notice in case the recommended AMI for your machine image type has been updated by AWS. The default behavior for \`updateType\` is \`None\`, which means only new instances will be launched using the new AMI. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. In addition, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). ###### \`id\`Required - *Type:* string --- ###### \`options\`Required - *Type:* AutoScalingGroupCapacityOptions --- ##### \`addCdk8sChart\` \`\`\`typescript public addCdk8sChart(id: string, chart: Construct): KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* string logical id of this chart. --- ###### \`chart\`Required - *Type:* constructs.Construct the cdk8s chart. --- ##### \`addFargateProfile\` \`\`\`typescript public addFargateProfile(id: string, options: FargateProfileOptions): FargateProfile \`\`\` Adds a Fargate profile to this cluster. > [https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html](https://docs.aws.amazon.com/eks/latest/userguide/fargate-profile.html) ###### \`id\`Required - *Type:* string the id of this profile. --- ###### \`options\`Required - *Type:* FargateProfileOptions profile options. --- ##### \`addHelmChart\` \`\`\`typescript public addHelmChart(id: string, options: HelmChartOptions): HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`typescript public addManifest(id: string, manifest: {[ key: string ]: any}): KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* {[ key: string ]: any} a list of Kubernetes resource specifications. --- ##### \`addNodegroupCapacity\` \`\`\`typescript public addNodegroupCapacity(id: string, options?: NodegroupOptions): Nodegroup \`\`\` Add managed nodegroup to this Amazon EKS cluster. This method will create a new managed nodegroup and add into the capacity. > [https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) ###### \`id\`Required - *Type:* string The ID of the nodegroup. --- ###### \`options\`Optional - *Type:* NodegroupOptions options for creating a new nodegroup. --- ##### \`addServiceAccount\` \`\`\`typescript public addServiceAccount(id: string, options?: ServiceAccountOptions): ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* string --- ###### \`options\`Optional - *Type:* ServiceAccountOptions --- ##### \`connectAutoScalingGroupCapacity\` \`\`\`typescript public connectAutoScalingGroupCapacity(autoScalingGroup: AutoScalingGroup, options: AutoScalingGroupOptions): void \`\`\` Connect capacity in the form of an existing AutoScalingGroup to the EKS cluster. The AutoScalingGroup must be running an EKS-optimized AMI containing the /etc/eks/bootstrap.sh script. This method will configure Security Groups, add the right policies to the instance role, apply the right tags, and add the required user data to the instance's launch configuration. Spot instances will be labeled \`lifecycle=Ec2Spot\` and tainted with \`PreferNoSchedule\`. If kubectl is enabled, the [spot interrupt handler](https://github.com/awslabs/ec2-spot-labs/tree/master/ec2-spot-eks-solution/spot-termination-handler) daemon will be installed on all spot instances to handle [EC2 Spot Instance Termination Notices](https://aws.amazon.com/blogs/aws/new-ec2-spot-instance-termination-notices/). Prefer to use \`addAutoScalingGroupCapacity\` if possible. > [https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) ###### \`autoScalingGroup\`Required - *Type:* aws-cdk-lib.aws_autoscaling.AutoScalingGroup [disable-awslint:ref-via-interface]. --- ###### \`options\`Required - *Type:* AutoScalingGroupOptions options for adding auto scaling groups, like customizing the bootstrap script. --- ##### \`getServiceLoadBalancerAddress\` \`\`\`typescript public getServiceLoadBalancerAddress(serviceName: string, options?: ServiceLoadBalancerAddressOptions): string \`\`\` Fetch the load balancer address of a service of type 'LoadBalancer'. ###### \`serviceName\`Required - *Type:* string The name of the service. --- ###### \`options\`Optional - *Type:* ServiceLoadBalancerAddressOptions Additional operation options. --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromClusterAttributes | Import an existing cluster. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.FargateCluster.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.FargateCluster.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`fromClusterAttributes\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.FargateCluster.fromClusterAttributes(scope: Construct, id: string, attrs: ClusterAttributes) \`\`\` Import an existing cluster. ###### \`scope\`Required - *Type:* constructs.Construct the construct scope, in most cases 'this'. --- ###### \`id\`Required - *Type:* string the id or name to import as. --- ###### \`attrs\`Required - *Type:* ClusterAttributes the cluster properties to use for importing information. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | | stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | | adminRole | aws-cdk-lib.aws_iam.Role | An IAM role with administrative permissions to create or update the cluster. | | awsAuth | AwsAuth | Lazily creates the AwsAuth resource, which manages AWS authentication mapping. | | clusterArn | string | The AWS generated ARN for the Cluster resource. | | clusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | string | The endpoint URL for the Cluster. | | clusterName | string | The Name of the created EKS Cluster. | | clusterOpenIdConnectIssuer | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer. | | clusterOpenIdConnectIssuerUrl | string | If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. | | clusterSecurityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | connections | aws-cdk-lib.aws_ec2.Connections | Manages connection rules (Security Group Rules) for the cluster. | | openIdConnectProvider | aws-cdk-lib.aws_iam.IOpenIdConnectProvider | An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. | | prune | boolean | Determines if Kubernetes resources can be pruned automatically. | | role | aws-cdk-lib.aws_iam.IRole | IAM role assumed by the EKS Control Plane. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which this Cluster was created. | | defaultCapacity | aws-cdk-lib.aws_autoscaling.AutoScalingGroup | The auto scaling group that hosts the default capacity for this cluster. | | defaultNodegroup | Nodegroup | The node group that hosts the default capacity for this cluster. | | kubectlEnvironment | {[ key: string ]: string} | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | aws-cdk-lib.aws_lambda.ILayerVersion | The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. | | kubectlMemory | aws-cdk-lib.Size | The amount of memory allocated to the kubectl provider's lambda function. | | kubectlPrivateSubnets | aws-cdk-lib.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | aws-cdk-lib.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* aws-cdk-lib.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this resource is defined. --- ##### \`adminRole\`Required \`\`\`typescript public readonly adminRole: Role; \`\`\` - *Type:* aws-cdk-lib.aws_iam.Role An IAM role with administrative permissions to create or update the cluster. This role also has \`systems:master\` permissions. --- ##### \`awsAuth\`Required \`\`\`typescript public readonly awsAuth: AwsAuth; \`\`\` - *Type:* AwsAuth Lazily creates the AwsAuth resource, which manages AWS authentication mapping. --- ##### \`clusterArn\`Required \`\`\`typescript public readonly clusterArn: string; \`\`\` - *Type:* string The AWS generated ARN for the Cluster resource. --- *Example* \`\`\`typescript arn:aws:eks:us-west-2:666666666666:cluster/prod \`\`\` ##### \`clusterCertificateAuthorityData\`Required \`\`\`typescript public readonly clusterCertificateAuthorityData: string; \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`typescript public readonly clusterEncryptionConfigKeyArn: string; \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`typescript public readonly clusterEndpoint: string; \`\`\` - *Type:* string The endpoint URL for the Cluster. This is the URL inside the kubeconfig file to use with kubectl --- *Example* \`\`\`typescript https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com \`\`\` ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string The Name of the created EKS Cluster. --- ##### \`clusterOpenIdConnectIssuer\`Required \`\`\`typescript public readonly clusterOpenIdConnectIssuer: string; \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterOpenIdConnectIssuerUrl\`Required \`\`\`typescript public readonly clusterOpenIdConnectIssuerUrl: string; \`\`\` - *Type:* string If this cluster is kubectl-enabled, returns the OpenID Connect issuer url. This is because the values is only be retrieved by the API and not exposed by CloudFormation. If this cluster is not kubectl-enabled (i.e. uses the stock \`CfnCluster\`), this is \`undefined\`. --- ##### \`clusterSecurityGroup\`Required \`\`\`typescript public readonly clusterSecurityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`typescript public readonly clusterSecurityGroupId: string; \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`connections\`Required \`\`\`typescript public readonly connections: Connections; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.Connections Manages connection rules (Security Group Rules) for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`typescript public readonly openIdConnectProvider: IOpenIdConnectProvider; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IOpenIdConnectProvider An \`OpenIdConnectProvider\` resource associated with this cluster, and which can be used to link this cluster to AWS IAM. A provider will only be defined if this property is accessed (lazy initialization). --- ##### \`prune\`Required \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean Determines if Kubernetes resources can be pruned automatically. --- ##### \`role\`Required \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole IAM role assumed by the EKS Control Plane. --- ##### \`vpc\`Required \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`defaultCapacity\`Optional \`\`\`typescript public readonly defaultCapacity: AutoScalingGroup; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.AutoScalingGroup The auto scaling group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is not \`EC2\` or \`defaultCapacityType\` is \`EC2\` but default capacity is set to 0. --- ##### \`defaultNodegroup\`Optional \`\`\`typescript public readonly defaultNodegroup: Nodegroup; \`\`\` - *Type:* Nodegroup The node group that hosts the default capacity for this cluster. This will be \`undefined\` if the \`defaultCapacityType\` is \`EC2\` or \`defaultCapacityType\` is \`NODEGROUP\` but default capacity is set to 0. --- ##### \`kubectlEnvironment\`Optional \`\`\`typescript public readonly kubectlEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`typescript public readonly kubectlLayer: ILayerVersion; \`\`\` - *Type:* aws-cdk-lib.aws_lambda.ILayerVersion The AWS Lambda layer that contains \`kubectl\`, \`helm\` and the AWS CLI. If undefined, a SAR app that contains this layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`typescript public readonly kubectlMemory: Size; \`\`\` - *Type:* aws-cdk-lib.Size The amount of memory allocated to the kubectl provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`typescript public readonly kubectlPrivateSubnets: ISubnet[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISubnet[] - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. Subnets to host the \`kubectl\` compute resources. --- ##### \`kubectlRole\`Optional \`\`\`typescript public readonly kubectlRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`typescript public readonly kubectlSecurityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup - *Default:* If not specified, the k8s endpoint is expected to be accessible publicly. A security group to use for \`kubectl\` execution. --- ### FargateProfile - *Implements:* aws-cdk-lib.ITaggable Fargate profiles allows an administrator to declare which pods run on Fargate. This declaration is done through the profile’s selectors. Each profile can have up to five selectors that contain a namespace and optional labels. You must define a namespace for every selector. The label field consists of multiple optional key-value pairs. Pods that match a selector (by matching a namespace for the selector and all of the labels specified in the selector) are scheduled on Fargate. If a namespace selector is defined without any labels, Amazon EKS will attempt to schedule all pods that run in that namespace onto Fargate using the profile. If a to-be-scheduled pod matches any of the selectors in the Fargate profile, then that pod is scheduled on Fargate. If a pod matches multiple Fargate profiles, Amazon EKS picks one of the matches at random. In this case, you can specify which profile a pod should use by adding the following Kubernetes label to the pod specification: eks.amazonaws.com/fargate-profile: profile_name. However, the pod must still match a selector in that profile in order to be scheduled onto Fargate. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.FargateProfile(scope: Construct, id: string, props: FargateProfileProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | FargateProfileProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* FargateProfileProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.FargateProfile.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | fargateProfileArn | string | The full Amazon Resource Name (ARN) of the Fargate profile. | | fargateProfileName | string | The name of the Fargate profile. | | podExecutionRole | aws-cdk-lib.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | tags | aws-cdk-lib.TagManager | Resource tags. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`fargateProfileArn\`Required \`\`\`typescript public readonly fargateProfileArn: string; \`\`\` - *Type:* string The full Amazon Resource Name (ARN) of the Fargate profile. --- ##### \`fargateProfileName\`Required \`\`\`typescript public readonly fargateProfileName: string; \`\`\` - *Type:* string The name of the Fargate profile. --- ##### \`podExecutionRole\`Required \`\`\`typescript public readonly podExecutionRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. --- ##### \`tags\`Required \`\`\`typescript public readonly tags: TagManager; \`\`\` - *Type:* aws-cdk-lib.TagManager Resource tags. --- ### HelmChart Represents a helm chart within the Kubernetes system. Applies/deletes the resources using \`kubectl\` in sync with the resource. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.HelmChart(scope: Construct, id: string, props: HelmChartProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | HelmChartProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* HelmChartProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.HelmChart.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | string | The CloudFormation resource type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`typescript public readonly RESOURCE_TYPE: string; \`\`\` - *Type:* string The CloudFormation resource type. --- ### KubernetesManifest Represents a manifest within the Kubernetes system. Alternatively, you can use \`cluster.addManifest(resource[, resource, ...])\` to define resources on this cluster. Applies/deletes the manifest using \`kubectl\`. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.KubernetesManifest(scope: Construct, id: string, props: KubernetesManifestProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | KubernetesManifestProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* KubernetesManifestProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.KubernetesManifest.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | string | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`typescript public readonly RESOURCE_TYPE: string; \`\`\` - *Type:* string The CloudFormation reosurce type. --- ### KubernetesObjectValue Represents a value of a specific object deployed in the cluster. Use this to fetch any information available by the \`kubectl get\` command. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.KubernetesObjectValue(scope: Construct, id: string, props: KubernetesObjectValueProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | KubernetesObjectValueProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* KubernetesObjectValueProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.KubernetesObjectValue.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | value | string | The value as a string token. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`value\`Required \`\`\`typescript public readonly value: string; \`\`\` - *Type:* string The value as a string token. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | RESOURCE_TYPE | string | The CloudFormation reosurce type. | --- ##### \`RESOURCE_TYPE\`Required \`\`\`typescript public readonly RESOURCE_TYPE: string; \`\`\` - *Type:* string The CloudFormation reosurce type. --- ### KubernetesPatch A CloudFormation resource which applies/restores a JSON patch into a Kubernetes resource. > [https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/](https://kubernetes.io/docs/tasks/run-application/update-api-object-kubectl-patch/) #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.KubernetesPatch(scope: Construct, id: string, props: KubernetesPatchProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | KubernetesPatchProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* KubernetesPatchProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.KubernetesPatch.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ### Nodegroup - *Implements:* INodegroup The Nodegroup resource class. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.Nodegroup(scope: Construct, id: string, props: NodegroupProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | NodegroupProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* NodegroupProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws-cdk-lib.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromNodegroupName | Import the Nodegroup from attributes. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.Nodegroup.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.Nodegroup.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`fromNodegroupName\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.Nodegroup.fromNodegroupName(scope: Construct, id: string, nodegroupName: string) \`\`\` Import the Nodegroup from attributes. ###### \`scope\`Required - *Type:* constructs.Construct --- ###### \`id\`Required - *Type:* string --- ###### \`nodegroupName\`Required - *Type:* string --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | | stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | | cluster | ICluster | the Amazon EKS cluster resource. | | nodegroupArn | string | ARN of the nodegroup. | | nodegroupName | string | Nodegroup name. | | role | aws-cdk-lib.aws_iam.IRole | IAM role of the instance profile for the nodegroup. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* aws-cdk-lib.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this resource is defined. --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: ICluster; \`\`\` - *Type:* ICluster the Amazon EKS cluster resource. --- ##### \`nodegroupArn\`Required \`\`\`typescript public readonly nodegroupArn: string; \`\`\` - *Type:* string ARN of the nodegroup. --- ##### \`nodegroupName\`Required \`\`\`typescript public readonly nodegroupName: string; \`\`\` - *Type:* string Nodegroup name. --- ##### \`role\`Required \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole IAM role of the instance profile for the nodegroup. --- ### OpenIdConnectProvider IAM OIDC identity providers are entities in IAM that describe an external identity provider (IdP) service that supports the OpenID Connect (OIDC) standard, such as Google or Salesforce. You use an IAM OIDC identity provider when you want to establish trust between an OIDC-compatible IdP and your AWS account. This implementation has default values for thumbprints and clientIds props that will be compatible with the eks cluster > [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html) #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.OpenIdConnectProvider(scope: Construct, id: string, props: OpenIdConnectProviderProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | The definition scope. | | id | string | Construct ID. | | props | OpenIdConnectProviderProps | Initialization properties. | --- ##### \`scope\`Required - *Type:* constructs.Construct The definition scope. --- ##### \`id\`Required - *Type:* string Construct ID. --- ##### \`props\`Required - *Type:* OpenIdConnectProviderProps Initialization properties. --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | applyRemovalPolicy | Apply the given removal policy to this resource. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`applyRemovalPolicy\` \`\`\`typescript public applyRemovalPolicy(policy: RemovalPolicy): void \`\`\` Apply the given removal policy to this resource. The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced. The resource can be deleted (\`RemovalPolicy.DELETE\`), or left in your AWS account for data recovery and cleanup later (\`RemovalPolicy.RETAIN\`). ###### \`policy\`Required - *Type:* aws-cdk-lib.RemovalPolicy --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | | isResource | Check whether the given construct is a Resource. | | fromOpenIdConnectProviderArn | Imports an Open ID connect provider from an ARN. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.OpenIdConnectProvider.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- ##### \`isResource\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.OpenIdConnectProvider.isResource(construct: IConstruct) \`\`\` Check whether the given construct is a Resource. ###### \`construct\`Required - *Type:* constructs.IConstruct --- ##### \`fromOpenIdConnectProviderArn\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.OpenIdConnectProvider.fromOpenIdConnectProviderArn(scope: Construct, id: string, openIdConnectProviderArn: string) \`\`\` Imports an Open ID connect provider from an ARN. ###### \`scope\`Required - *Type:* constructs.Construct The definition scope. --- ###### \`id\`Required - *Type:* string ID of the construct. --- ###### \`openIdConnectProviderArn\`Required - *Type:* string the ARN to import. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | | stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | | openIdConnectProviderArn | string | The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. | | openIdConnectProviderIssuer | string | The issuer for OIDC Provider. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* aws-cdk-lib.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this resource is defined. --- ##### \`openIdConnectProviderArn\`Required \`\`\`typescript public readonly openIdConnectProviderArn: string; \`\`\` - *Type:* string The Amazon Resource Name (ARN) of the IAM OpenID Connect provider. --- ##### \`openIdConnectProviderIssuer\`Required \`\`\`typescript public readonly openIdConnectProviderIssuer: string; \`\`\` - *Type:* string The issuer for OIDC Provider. --- ### ServiceAccount - *Implements:* aws-cdk-lib.aws_iam.IPrincipal Service Account. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.ServiceAccount(scope: Construct, id: string, props: ServiceAccountProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | scope | constructs.Construct | *No description.* | | id | string | *No description.* | | props | ServiceAccountProps | *No description.* | --- ##### \`scope\`Required - *Type:* constructs.Construct --- ##### \`id\`Required - *Type:* string --- ##### \`props\`Required - *Type:* ServiceAccountProps --- #### Methods | **Name** | **Description** | | --- | --- | | toString | Returns a string representation of this construct. | | addToPrincipalPolicy | Add to the policy of this principal. | --- ##### \`toString\` \`\`\`typescript public toString(): string \`\`\` Returns a string representation of this construct. ##### \`addToPrincipalPolicy\` \`\`\`typescript public addToPrincipalPolicy(statement: PolicyStatement): AddToPrincipalPolicyResult \`\`\` Add to the policy of this principal. ###### \`statement\`Required - *Type:* aws-cdk-lib.aws_iam.PolicyStatement --- #### Static Functions | **Name** | **Description** | | --- | --- | | isConstruct | Checks if \`x\` is a construct. | --- ##### ~~\`isConstruct\`~~ \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.ServiceAccount.isConstruct(x: any) \`\`\` Checks if \`x\` is a construct. ###### \`x\`Required - *Type:* any Any object. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | assumeRoleAction | string | When this Principal is used in an AssumeRole policy, the action to use. | | grantPrincipal | aws-cdk-lib.aws_iam.IPrincipal | The principal to grant permissions to. | | policyFragment | aws-cdk-lib.aws_iam.PrincipalPolicyFragment | Return the policy fragment that identifies this principal in a Policy. | | role | aws-cdk-lib.aws_iam.IRole | The role which is linked to the service account. | | serviceAccountName | string | The name of the service account. | | serviceAccountNamespace | string | The namespace where the service account is located in. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`assumeRoleAction\`Required \`\`\`typescript public readonly assumeRoleAction: string; \`\`\` - *Type:* string When this Principal is used in an AssumeRole policy, the action to use. --- ##### \`grantPrincipal\`Required \`\`\`typescript public readonly grantPrincipal: IPrincipal; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IPrincipal The principal to grant permissions to. --- ##### \`policyFragment\`Required \`\`\`typescript public readonly policyFragment: PrincipalPolicyFragment; \`\`\` - *Type:* aws-cdk-lib.aws_iam.PrincipalPolicyFragment Return the policy fragment that identifies this principal in a Policy. --- ##### \`role\`Required \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole The role which is linked to the service account. --- ##### \`serviceAccountName\`Required \`\`\`typescript public readonly serviceAccountName: string; \`\`\` - *Type:* string The name of the service account. --- ##### \`serviceAccountNamespace\`Required \`\`\`typescript public readonly serviceAccountNamespace: string; \`\`\` - *Type:* string The namespace where the service account is located in. --- ## Structs ### AutoScalingGroupCapacityOptions Options for adding worker nodes. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const autoScalingGroupCapacityOptions: aws_eks.AutoScalingGroupCapacityOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | allowAllOutbound | boolean | Whether the instances can initiate connections to anywhere by default. | | associatePublicIpAddress | boolean | Whether instances in the Auto Scaling Group should have public IP addresses associated with them. | | autoScalingGroupName | string | The name of the Auto Scaling group. | | blockDevices | aws-cdk-lib.aws_autoscaling.BlockDevice[] | Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. | | cooldown | aws-cdk-lib.Duration | Default scaling cooldown for this AutoScalingGroup. | | desiredCapacity | number | Initial amount of instances in the fleet. | | groupMetrics | aws-cdk-lib.aws_autoscaling.GroupMetrics[] | Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. | | healthCheck | aws-cdk-lib.aws_autoscaling.HealthCheck | Configuration for health checks. | | ignoreUnmodifiedSizeProperties | boolean | If the ASG has scheduled actions, don't reset unchanged group sizes. | | instanceMonitoring | aws-cdk-lib.aws_autoscaling.Monitoring | Controls whether instances in this group are launched with detailed or basic monitoring. | | keyName | string | Name of SSH keypair to grant access to instances. | | maxCapacity | number | Maximum number of instances in the fleet. | | maxInstanceLifetime | aws-cdk-lib.Duration | The maximum amount of time that an instance can be in service. | | minCapacity | number | Minimum number of instances in the fleet. | | newInstancesProtectedFromScaleIn | boolean | Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. | | notifications | aws-cdk-lib.aws_autoscaling.NotificationConfiguration[] | Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). | | signals | aws-cdk-lib.aws_autoscaling.Signals | Configure waiting for signals during deployment. | | spotPrice | string | The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. | | updatePolicy | aws-cdk-lib.aws_autoscaling.UpdatePolicy | What to do when an AutoScalingGroup's instance configuration is changed. | | vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection | Where to place instances within the VPC. | | instanceType | aws-cdk-lib.aws_ec2.InstanceType | Instance type of the instances to start. | | bootstrapEnabled | boolean | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrapOptions | BootstrapOptions | EKS node bootstrapping options. | | machineImageType | MachineImageType | Machine image type. | | mapRole | boolean | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spotInterruptHandler | boolean | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`allowAllOutbound\`Optional \`\`\`typescript public readonly allowAllOutbound: boolean; \`\`\` - *Type:* boolean - *Default:* true Whether the instances can initiate connections to anywhere by default. --- ##### \`associatePublicIpAddress\`Optional \`\`\`typescript public readonly associatePublicIpAddress: boolean; \`\`\` - *Type:* boolean - *Default:* Use subnet setting. Whether instances in the Auto Scaling Group should have public IP addresses associated with them. --- ##### \`autoScalingGroupName\`Optional \`\`\`typescript public readonly autoScalingGroupName: string; \`\`\` - *Type:* string - *Default:* Auto generated by CloudFormation The name of the Auto Scaling group. This name must be unique per Region per account. --- ##### \`blockDevices\`Optional \`\`\`typescript public readonly blockDevices: BlockDevice[]; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.BlockDevice[] - *Default:* Uses the block device mapping of the AMI Specifies how block devices are exposed to the instance. You can specify virtual devices and EBS volumes. Each instance that is launched has an associated root device volume, either an Amazon EBS volume or an instance store volume. You can use block device mappings to specify additional EBS volumes or instance store volumes to attach to an instance when it is launched. > [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html) --- ##### \`cooldown\`Optional \`\`\`typescript public readonly cooldown: Duration; \`\`\` - *Type:* aws-cdk-lib.Duration - *Default:* Duration.minutes(5) Default scaling cooldown for this AutoScalingGroup. --- ##### \`desiredCapacity\`Optional \`\`\`typescript public readonly desiredCapacity: number; \`\`\` - *Type:* number - *Default:* minCapacity, and leave unchanged during deployment Initial amount of instances in the fleet. If this is set to a number, every deployment will reset the amount of instances to this number. It is recommended to leave this value blank. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacity) --- ##### \`groupMetrics\`Optional \`\`\`typescript public readonly groupMetrics: GroupMetrics[]; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.GroupMetrics[] - *Default:* no group metrics will be reported Enable monitoring for group metrics, these metrics describe the group rather than any of its instances. To report all group metrics use \`GroupMetrics.all()\` Group metrics are reported in a granularity of 1 minute at no additional charge. --- ##### \`healthCheck\`Optional \`\`\`typescript public readonly healthCheck: HealthCheck; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.HealthCheck - *Default:* HealthCheck.ec2 with no grace period Configuration for health checks. --- ##### \`ignoreUnmodifiedSizeProperties\`Optional \`\`\`typescript public readonly ignoreUnmodifiedSizeProperties: boolean; \`\`\` - *Type:* boolean - *Default:* true If the ASG has scheduled actions, don't reset unchanged group sizes. Only used if the ASG has scheduled actions (which may scale your ASG up or down regardless of cdk deployments). If true, the size of the group will only be reset if it has been changed in the CDK app. If false, the sizes will always be changed back to what they were in the CDK app on deployment. --- ##### \`instanceMonitoring\`Optional \`\`\`typescript public readonly instanceMonitoring: Monitoring; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.Monitoring - *Default:* Monitoring.DETAILED Controls whether instances in this group are launched with detailed or basic monitoring. When detailed monitoring is enabled, Amazon CloudWatch generates metrics every minute and your account is charged a fee. When you disable detailed monitoring, CloudWatch generates metrics every 5 minutes. > [https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics](https://docs.aws.amazon.com/autoscaling/latest/userguide/as-instance-monitoring.html#enable-as-instance-metrics) --- ##### \`keyName\`Optional \`\`\`typescript public readonly keyName: string; \`\`\` - *Type:* string - *Default:* No SSH access will be possible. Name of SSH keypair to grant access to instances. --- ##### \`maxCapacity\`Optional \`\`\`typescript public readonly maxCapacity: number; \`\`\` - *Type:* number - *Default:* desiredCapacity Maximum number of instances in the fleet. --- ##### \`maxInstanceLifetime\`Optional \`\`\`typescript public readonly maxInstanceLifetime: Duration; \`\`\` - *Type:* aws-cdk-lib.Duration - *Default:* none The maximum amount of time that an instance can be in service. The maximum duration applies to all current and future instances in the group. As an instance approaches its maximum duration, it is terminated and replaced, and cannot be used again. You must specify a value of at least 604,800 seconds (7 days). To clear a previously set value, leave this property undefined. > [https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-max-instance-lifetime.html) --- ##### \`minCapacity\`Optional \`\`\`typescript public readonly minCapacity: number; \`\`\` - *Type:* number - *Default:* 1 Minimum number of instances in the fleet. --- ##### \`newInstancesProtectedFromScaleIn\`Optional \`\`\`typescript public readonly newInstancesProtectedFromScaleIn: boolean; \`\`\` - *Type:* boolean - *Default:* false Whether newly-launched instances are protected from termination by Amazon EC2 Auto Scaling when scaling in. By default, Auto Scaling can terminate an instance at any time after launch when scaling in an Auto Scaling Group, subject to the group's termination policy. However, you may wish to protect newly-launched instances from being scaled in if they are going to run critical applications that should not be prematurely terminated. This flag must be enabled if the Auto Scaling Group will be associated with an ECS Capacity Provider with managed termination protection. --- ##### \`notifications\`Optional \`\`\`typescript public readonly notifications: NotificationConfiguration[]; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.NotificationConfiguration[] - *Default:* No fleet change notifications will be sent. Configure autoscaling group to send notifications about fleet changes to an SNS topic(s). > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-notificationconfigurations) --- ##### \`signals\`Optional \`\`\`typescript public readonly signals: Signals; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.Signals - *Default:* Do not wait for signals Configure waiting for signals during deployment. Use this to pause the CloudFormation deployment to wait for the instances in the AutoScalingGroup to report successful startup during creation and updates. The UserData script needs to invoke \`cfn-signal\` with a success or failure code after it is done setting up the instance. Without waiting for signals, the CloudFormation deployment will proceed as soon as the AutoScalingGroup has been created or updated but before the instances in the group have been started. For example, to have instances wait for an Elastic Load Balancing health check before they signal success, add a health-check verification by using the cfn-init helper script. For an example, see the verify_instance_health command in the Auto Scaling rolling updates sample template: https://github.com/awslabs/aws-cloudformation-templates/blob/master/aws/services/AutoScaling/AutoScalingRollingUpdates.yaml --- ##### \`spotPrice\`Optional \`\`\`typescript public readonly spotPrice: string; \`\`\` - *Type:* string - *Default:* none The maximum hourly price (in USD) to be paid for any Spot Instance launched to fulfill the request. Spot Instances are launched when the price you specify exceeds the current Spot market price. --- ##### \`updatePolicy\`Optional \`\`\`typescript public readonly updatePolicy: UpdatePolicy; \`\`\` - *Type:* aws-cdk-lib.aws_autoscaling.UpdatePolicy - *Default:* \`UpdatePolicy.rollingUpdate()\` if using \`init\`, \`UpdatePolicy.none()\` otherwise What to do when an AutoScalingGroup's instance configuration is changed. This is applied when any of the settings on the ASG are changed that affect how the instances should be created (VPC, instance type, startup scripts, etc.). It indicates how the existing instances should be replaced with new instances matching the new config. By default, nothing is done and only new instances are launched with the new config. --- ##### \`vpcSubnets\`Optional \`\`\`typescript public readonly vpcSubnets: SubnetSelection; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection - *Default:* All Private subnets. Where to place instances within the VPC. --- ##### \`instanceType\`Required \`\`\`typescript public readonly instanceType: InstanceType; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.InstanceType Instance type of the instances to start. --- ##### \`bootstrapEnabled\`Optional \`\`\`typescript public readonly bootstrapEnabled: boolean; \`\`\` - *Type:* boolean - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrapOptions\`Optional \`\`\`typescript public readonly bootstrapOptions: BootstrapOptions; \`\`\` - *Type:* BootstrapOptions - *Default:* none EKS node bootstrapping options. --- ##### \`machineImageType\`Optional \`\`\`typescript public readonly machineImageType: MachineImageType; \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Machine image type. --- ##### \`mapRole\`Optional \`\`\`typescript public readonly mapRole: boolean; \`\`\` - *Type:* boolean - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spotInterruptHandler\`Optional \`\`\`typescript public readonly spotInterruptHandler: boolean; \`\`\` - *Type:* boolean - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is used. --- ### AutoScalingGroupOptions Options for adding an AutoScalingGroup as capacity. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const autoScalingGroupOptions: aws_eks.AutoScalingGroupOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | bootstrapEnabled | boolean | Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. | | bootstrapOptions | BootstrapOptions | Allows options for node bootstrapping through EC2 user data. | | machineImageType | MachineImageType | Allow options to specify different machine image type. | | mapRole | boolean | Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. | | spotInterruptHandler | boolean | Installs the AWS spot instance interrupt handler on the cluster if it's not already added. | --- ##### \`bootstrapEnabled\`Optional \`\`\`typescript public readonly bootstrapEnabled: boolean; \`\`\` - *Type:* boolean - *Default:* true Configures the EC2 user-data script for instances in this autoscaling group to bootstrap the node (invoke \`/etc/eks/bootstrap.sh\`) and associate it with the EKS cluster. If you wish to provide a custom user data script, set this to \`false\` and manually invoke \`autoscalingGroup.addUserData()\`. --- ##### \`bootstrapOptions\`Optional \`\`\`typescript public readonly bootstrapOptions: BootstrapOptions; \`\`\` - *Type:* BootstrapOptions - *Default:* default options Allows options for node bootstrapping through EC2 user data. --- ##### \`machineImageType\`Optional \`\`\`typescript public readonly machineImageType: MachineImageType; \`\`\` - *Type:* MachineImageType - *Default:* MachineImageType.AMAZON_LINUX_2 Allow options to specify different machine image type. --- ##### \`mapRole\`Optional \`\`\`typescript public readonly mapRole: boolean; \`\`\` - *Type:* boolean - *Default:* true if the cluster has kubectl enabled (which is the default). Will automatically update the aws-auth ConfigMap to map the IAM instance role to RBAC. This cannot be explicitly set to \`true\` if the cluster has kubectl disabled. --- ##### \`spotInterruptHandler\`Optional \`\`\`typescript public readonly spotInterruptHandler: boolean; \`\`\` - *Type:* boolean - *Default:* true Installs the AWS spot instance interrupt handler on the cluster if it's not already added. Only relevant if \`spotPrice\` is configured on the auto-scaling group. --- ### AwsAuthMapping AwsAuth mapping. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const awsAuthMapping: aws_eks.AwsAuthMapping = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | groups | string[] | A list of groups within Kubernetes to which the role is mapped. | | username | string | The user name within Kubernetes to map to the IAM role. | --- ##### \`groups\`Required \`\`\`typescript public readonly groups: string[]; \`\`\` - *Type:* string[] A list of groups within Kubernetes to which the role is mapped. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`username\`Optional \`\`\`typescript public readonly username: string; \`\`\` - *Type:* string - *Default:* By default, the user name is the ARN of the IAM role. The user name within Kubernetes to map to the IAM role. --- ### AwsAuthProps Configuration props for the AwsAuth construct. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const awsAuthProps: aws_eks.AwsAuthProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | Cluster | The EKS cluster to apply this configuration to. | --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: Cluster; \`\`\` - *Type:* Cluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### BootstrapOptions EKS node bootstrapping options. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const bootstrapOptions: aws_eks.BootstrapOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | additionalArgs | string | Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. | | awsApiRetryAttempts | number | Number of retry attempts for AWS API call (DescribeCluster). | | dnsClusterIp | string | Overrides the IP address to use for DNS queries within the cluster. | | dockerConfigJson | string | The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. | | enableDockerBridge | boolean | Restores the docker default bridge network. | | kubeletExtraArgs | string | Extra arguments to add to the kubelet. | | useMaxPods | boolean | Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. | --- ##### \`additionalArgs\`Optional \`\`\`typescript public readonly additionalArgs: string; \`\`\` - *Type:* string - *Default:* none Additional command line arguments to pass to the \`/etc/eks/bootstrap.sh\` command. > [https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh](https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh) --- ##### \`awsApiRetryAttempts\`Optional \`\`\`typescript public readonly awsApiRetryAttempts: number; \`\`\` - *Type:* number - *Default:* 3 Number of retry attempts for AWS API call (DescribeCluster). --- ##### \`dnsClusterIp\`Optional \`\`\`typescript public readonly dnsClusterIp: string; \`\`\` - *Type:* string - *Default:* 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface. Overrides the IP address to use for DNS queries within the cluster. --- ##### \`dockerConfigJson\`Optional \`\`\`typescript public readonly dockerConfigJson: string; \`\`\` - *Type:* string - *Default:* none The contents of the \`/etc/docker/daemon.json\` file. Useful if you want a custom config differing from the default one in the EKS AMI. --- ##### \`enableDockerBridge\`Optional \`\`\`typescript public readonly enableDockerBridge: boolean; \`\`\` - *Type:* boolean - *Default:* false Restores the docker default bridge network. --- ##### \`kubeletExtraArgs\`Optional \`\`\`typescript public readonly kubeletExtraArgs: string; \`\`\` - *Type:* string - *Default:* none Extra arguments to add to the kubelet. Useful for adding labels or taints. --- *Example* \`\`\`typescript --node-labels foo=bar,goo=far \`\`\` ##### \`useMaxPods\`Optional \`\`\`typescript public readonly useMaxPods: boolean; \`\`\` - *Type:* boolean - *Default:* true Sets \`--max-pods\` for the kubelet based on the capacity of the EC2 instance. --- ### CfnAddonProps Properties for defining a \`AWS::EKS::Addon\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const cfnAddonProps: aws_eks.CfnAddonProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | addonName | string | \`AWS::EKS::Addon.AddonName\`. | | clusterName | string | \`AWS::EKS::Addon.ClusterName\`. | | addonVersion | string | \`AWS::EKS::Addon.AddonVersion\`. | | resolveConflicts | string | \`AWS::EKS::Addon.ResolveConflicts\`. | | serviceAccountRoleArn | string | \`AWS::EKS::Addon.ServiceAccountRoleArn\`. | | tags | aws-cdk-lib.CfnTag[] | \`AWS::EKS::Addon.Tags\`. | --- ##### \`addonName\`Required \`\`\`typescript public readonly addonName: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname) --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername) --- ##### \`addonVersion\`Optional \`\`\`typescript public readonly addonVersion: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.AddonVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion) --- ##### \`resolveConflicts\`Optional \`\`\`typescript public readonly resolveConflicts: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.ResolveConflicts\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts) --- ##### \`serviceAccountRoleArn\`Optional \`\`\`typescript public readonly serviceAccountRoleArn: string; \`\`\` - *Type:* string \`AWS::EKS::Addon.ServiceAccountRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn) --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: CfnTag[]; \`\`\` - *Type:* aws-cdk-lib.CfnTag[] \`AWS::EKS::Addon.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags) --- ### CfnClusterProps Properties for defining a \`AWS::EKS::Cluster\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const cfnClusterProps: aws_eks.CfnClusterProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | resourcesVpcConfig | ResourcesVpcConfigProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Cluster.ResourcesVpcConfig\`. | | roleArn | string | \`AWS::EKS::Cluster.RoleArn\`. | | encryptionConfig | aws-cdk-lib.IResolvable \\| EncryptionConfigProperty \\| aws-cdk-lib.IResolvable[] | \`AWS::EKS::Cluster.EncryptionConfig\`. | | kubernetesNetworkConfig | KubernetesNetworkConfigProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. | | name | string | \`AWS::EKS::Cluster.Name\`. | | version | string | \`AWS::EKS::Cluster.Version\`. | --- ##### \`resourcesVpcConfig\`Required \`\`\`typescript public readonly resourcesVpcConfig: ResourcesVpcConfigProperty | IResolvable; \`\`\` - *Type:* ResourcesVpcConfigProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Cluster.ResourcesVpcConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-resourcesvpcconfig) --- ##### \`roleArn\`Required \`\`\`typescript public readonly roleArn: string; \`\`\` - *Type:* string \`AWS::EKS::Cluster.RoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-rolearn) --- ##### \`encryptionConfig\`Optional \`\`\`typescript public readonly encryptionConfig: IResolvable | EncryptionConfigProperty | IResolvable[]; \`\`\` - *Type:* aws-cdk-lib.IResolvable | EncryptionConfigProperty | aws-cdk-lib.IResolvable[] \`AWS::EKS::Cluster.EncryptionConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-encryptionconfig) --- ##### \`kubernetesNetworkConfig\`Optional \`\`\`typescript public readonly kubernetesNetworkConfig: KubernetesNetworkConfigProperty | IResolvable; \`\`\` - *Type:* KubernetesNetworkConfigProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Cluster.KubernetesNetworkConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-kubernetesnetworkconfig) --- ##### \`name\`Optional \`\`\`typescript public readonly name: string; \`\`\` - *Type:* string \`AWS::EKS::Cluster.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-name) --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string \`AWS::EKS::Cluster.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html#cfn-eks-cluster-version) --- ### CfnFargateProfileProps Properties for defining a \`AWS::EKS::FargateProfile\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const cfnFargateProfileProps: aws_eks.CfnFargateProfileProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | string | \`AWS::EKS::FargateProfile.ClusterName\`. | | podExecutionRoleArn | string | \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. | | selectors | aws-cdk-lib.IResolvable \\| SelectorProperty \\| aws-cdk-lib.IResolvable[] | \`AWS::EKS::FargateProfile.Selectors\`. | | fargateProfileName | string | \`AWS::EKS::FargateProfile.FargateProfileName\`. | | subnets | string[] | \`AWS::EKS::FargateProfile.Subnets\`. | | tags | aws-cdk-lib.CfnTag[] | \`AWS::EKS::FargateProfile.Tags\`. | --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-clustername) --- ##### \`podExecutionRoleArn\`Required \`\`\`typescript public readonly podExecutionRoleArn: string; \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.PodExecutionRoleArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-podexecutionrolearn) --- ##### \`selectors\`Required \`\`\`typescript public readonly selectors: IResolvable | SelectorProperty | IResolvable[]; \`\`\` - *Type:* aws-cdk-lib.IResolvable | SelectorProperty | aws-cdk-lib.IResolvable[] \`AWS::EKS::FargateProfile.Selectors\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-selectors) --- ##### \`fargateProfileName\`Optional \`\`\`typescript public readonly fargateProfileName: string; \`\`\` - *Type:* string \`AWS::EKS::FargateProfile.FargateProfileName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-fargateprofilename) --- ##### \`subnets\`Optional \`\`\`typescript public readonly subnets: string[]; \`\`\` - *Type:* string[] \`AWS::EKS::FargateProfile.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-subnets) --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: CfnTag[]; \`\`\` - *Type:* aws-cdk-lib.CfnTag[] \`AWS::EKS::FargateProfile.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-fargateprofile.html#cfn-eks-fargateprofile-tags) --- ### CfnNodegroupProps Properties for defining a \`AWS::EKS::Nodegroup\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const cfnNodegroupProps: aws_eks.CfnNodegroupProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | string | \`AWS::EKS::Nodegroup.ClusterName\`. | | nodeRole | string | \`AWS::EKS::Nodegroup.NodeRole\`. | | subnets | string[] | \`AWS::EKS::Nodegroup.Subnets\`. | | amiType | string | \`AWS::EKS::Nodegroup.AmiType\`. | | capacityType | string | \`AWS::EKS::Nodegroup.CapacityType\`. | | diskSize | number | \`AWS::EKS::Nodegroup.DiskSize\`. | | forceUpdateEnabled | boolean \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. | | instanceTypes | string[] | \`AWS::EKS::Nodegroup.InstanceTypes\`. | | labels | any | \`AWS::EKS::Nodegroup.Labels\`. | | launchTemplate | LaunchTemplateSpecificationProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.LaunchTemplate\`. | | nodegroupName | string | \`AWS::EKS::Nodegroup.NodegroupName\`. | | releaseVersion | string | \`AWS::EKS::Nodegroup.ReleaseVersion\`. | | remoteAccess | RemoteAccessProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.RemoteAccess\`. | | scalingConfig | ScalingConfigProperty \\| aws-cdk-lib.IResolvable | \`AWS::EKS::Nodegroup.ScalingConfig\`. | | tags | any | \`AWS::EKS::Nodegroup.Tags\`. | | taints | aws-cdk-lib.IResolvable \\| TaintProperty \\| aws-cdk-lib.IResolvable[] | \`AWS::EKS::Nodegroup.Taints\`. | | version | string | \`AWS::EKS::Nodegroup.Version\`. | --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ClusterName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-clustername) --- ##### \`nodeRole\`Required \`\`\`typescript public readonly nodeRole: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodeRole\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-noderole) --- ##### \`subnets\`Required \`\`\`typescript public readonly subnets: string[]; \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.Subnets\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-subnets) --- ##### \`amiType\`Optional \`\`\`typescript public readonly amiType: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.AmiType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-amitype) --- ##### \`capacityType\`Optional \`\`\`typescript public readonly capacityType: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.CapacityType\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-capacitytype) --- ##### \`diskSize\`Optional \`\`\`typescript public readonly diskSize: number; \`\`\` - *Type:* number \`AWS::EKS::Nodegroup.DiskSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-disksize) --- ##### \`forceUpdateEnabled\`Optional \`\`\`typescript public readonly forceUpdateEnabled: boolean | IResolvable; \`\`\` - *Type:* boolean | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.ForceUpdateEnabled\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-forceupdateenabled) --- ##### \`instanceTypes\`Optional \`\`\`typescript public readonly instanceTypes: string[]; \`\`\` - *Type:* string[] \`AWS::EKS::Nodegroup.InstanceTypes\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`typescript public readonly labels: any; \`\`\` - *Type:* any \`AWS::EKS::Nodegroup.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-labels) --- ##### \`launchTemplate\`Optional \`\`\`typescript public readonly launchTemplate: LaunchTemplateSpecificationProperty | IResolvable; \`\`\` - *Type:* LaunchTemplateSpecificationProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.LaunchTemplate\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-launchtemplate) --- ##### \`nodegroupName\`Optional \`\`\`typescript public readonly nodegroupName: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.NodegroupName\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-nodegroupname) --- ##### \`releaseVersion\`Optional \`\`\`typescript public readonly releaseVersion: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.ReleaseVersion\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-releaseversion) --- ##### \`remoteAccess\`Optional \`\`\`typescript public readonly remoteAccess: RemoteAccessProperty | IResolvable; \`\`\` - *Type:* RemoteAccessProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.RemoteAccess\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-remoteaccess) --- ##### \`scalingConfig\`Optional \`\`\`typescript public readonly scalingConfig: ScalingConfigProperty | IResolvable; \`\`\` - *Type:* ScalingConfigProperty | aws-cdk-lib.IResolvable \`AWS::EKS::Nodegroup.ScalingConfig\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-scalingconfig) --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: any; \`\`\` - *Type:* any \`AWS::EKS::Nodegroup.Tags\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-tags) --- ##### \`taints\`Optional \`\`\`typescript public readonly taints: IResolvable | TaintProperty | IResolvable[]; \`\`\` - *Type:* aws-cdk-lib.IResolvable | TaintProperty | aws-cdk-lib.IResolvable[] \`AWS::EKS::Nodegroup.Taints\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-taints) --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string \`AWS::EKS::Nodegroup.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-version) --- ### ClusterAttributes Attributes for EKS clusters. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const clusterAttributes: aws_eks.ClusterAttributes = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | clusterName | string | The physical name of the Cluster. | | clusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | string | The API Server endpoint URL. | | clusterSecurityGroupId | string | The cluster security group that was created by Amazon EKS for the cluster. | | kubectlEnvironment | {[ key: string ]: string} | Environment variables to use when running \`kubectl\` against this cluster. | | kubectlLayer | aws-cdk-lib.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | aws-cdk-lib.Size | Amount of memory to allocate to the provider's lambda function. | | kubectlPrivateSubnetIds | string[] | Subnets to host the \`kubectl\` compute resources. | | kubectlRoleArn | string | An IAM role with cluster administrator and "system:masters" permissions. | | kubectlSecurityGroupId | string | A security group to use for \`kubectl\` execution. | | openIdConnectProvider | aws-cdk-lib.aws_iam.IOpenIdConnectProvider | An Open ID Connect provider for this cluster that can be used to configure service accounts. | | prune | boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | securityGroupIds | string[] | Additional security groups associated with this cluster. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which this Cluster was created. | --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string The physical name of the Cluster. --- ##### \`clusterCertificateAuthorityData\`Optional \`\`\`typescript public readonly clusterCertificateAuthorityData: string; \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterCertificateAuthorityData\` will throw an error The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Optional \`\`\`typescript public readonly clusterEncryptionConfigKeyArn: string; \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterEncryptionConfigKeyArn\` will throw an error Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Optional \`\`\`typescript public readonly clusterEndpoint: string; \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterEndpoint\` will throw an error. The API Server endpoint URL. --- ##### \`clusterSecurityGroupId\`Optional \`\`\`typescript public readonly clusterSecurityGroupId: string; \`\`\` - *Type:* string - *Default:* if not specified \`cluster.clusterSecurityGroupId\` will throw an error The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`kubectlEnvironment\`Optional \`\`\`typescript public readonly kubectlEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* no additional variables Environment variables to use when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`typescript public readonly kubectlLayer: ILayerVersion; \`\`\` - *Type:* aws-cdk-lib.aws_lambda.ILayerVersion - *Default:* a layer bundled with this module. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. This layer is used by the kubectl handler to apply manifests and install helm charts. The handler expects the layer to include the following executables: helm/helm kubectl/kubectl awscli/aws --- ##### \`kubectlMemory\`Optional \`\`\`typescript public readonly kubectlMemory: Size; \`\`\` - *Type:* aws-cdk-lib.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectlPrivateSubnetIds\`Optional \`\`\`typescript public readonly kubectlPrivateSubnetIds: string[]; \`\`\` - *Type:* string[] - *Default:* k8s endpoint is expected to be accessible publicly Subnets to host the \`kubectl\` compute resources. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectlRoleArn\`Optional \`\`\`typescript public readonly kubectlRoleArn: string; \`\`\` - *Type:* string - *Default:* if not specified, it not be possible to issue \`kubectl\` commands against an imported cluster. An IAM role with cluster administrator and "system:masters" permissions. --- ##### \`kubectlSecurityGroupId\`Optional \`\`\`typescript public readonly kubectlSecurityGroupId: string; \`\`\` - *Type:* string - *Default:* k8s endpoint is expected to be accessible publicly A security group to use for \`kubectl\` execution. If not specified, the k8s endpoint is expected to be accessible publicly. --- ##### \`openIdConnectProvider\`Optional \`\`\`typescript public readonly openIdConnectProvider: IOpenIdConnectProvider; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IOpenIdConnectProvider - *Default:* if not specified \`cluster.openIdConnectProvider\` and \`cluster.addServiceAccount\` will throw an error. An Open ID Connect provider for this cluster that can be used to configure service accounts. You can either import an existing provider using \`iam.OpenIdConnectProvider.fromProviderArn\`, or create a new provider using \`new eks.OpenIdConnectProvider\` --- ##### \`prune\`Optional \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`securityGroupIds\`Optional \`\`\`typescript public readonly securityGroupIds: string[]; \`\`\` - *Type:* string[] - *Default:* if not specified, no additional security groups will be considered in \`cluster.connections\`. Additional security groups associated with this cluster. --- ##### \`vpc\`Optional \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc - *Default:* if not specified \`cluster.vpc\` will throw an error The VPC in which this Cluster was created. --- ### ClusterOptions Options for EKS clusters. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const clusterOptions: aws_eks.ClusterOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | string | Name for the cluster. | | outputClusterName | boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws-cdk-lib.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | {[ key: string ]: string} | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | {[ key: string ]: string} | Environment variables for the kubectl execution. | | kubectlLayer | aws-cdk-lib.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | aws-cdk-lib.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | aws-cdk-lib.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | aws-cdk-lib.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | --- ##### \`version\`Required \`\`\`typescript public readonly version: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`typescript public readonly outputClusterName: boolean; \`\`\` - *Type:* boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`typescript public readonly outputConfigCommand: boolean; \`\`\` - *Type:* boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`typescript public readonly securityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`typescript public readonly vpcSubnets: SubnetSelection[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`ts vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`typescript public readonly clusterHandlerEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`typescript public readonly coreDnsComputeType: CoreDnsComputeType; \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`typescript public readonly endpointAccess: EndpointAccess; \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`typescript public readonly kubectlEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`typescript public readonly kubectlLayer: ILayerVersion; \`\`\` - *Type:* aws-cdk-lib.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`ts const layer = new lambda.LayerVersion(this, 'kubectl-layer', { code: lambda.Code.fromAsset(\`\${__dirname}/layer.zip\`)), compatibleRuntimes: [lambda.Runtime.PROVIDED] }) \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`typescript public readonly kubectlMemory: Size; \`\`\` - *Type:* aws-cdk-lib.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`typescript public readonly mastersRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`typescript public readonly outputMastersRoleArn: boolean; \`\`\` - *Type:* boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`typescript public readonly placeClusterHandlerInVpc: boolean; \`\`\` - *Type:* boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`typescript public readonly secretsEncryptionKey: IKey; \`\`\` - *Type:* aws-cdk-lib.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ### ClusterProps Common configuration props for EKS clusters. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const clusterProps: aws_eks.ClusterProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | string | Name for the cluster. | | outputClusterName | boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws-cdk-lib.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | {[ key: string ]: string} | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | {[ key: string ]: string} | Environment variables for the kubectl execution. | | kubectlLayer | aws-cdk-lib.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | aws-cdk-lib.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | aws-cdk-lib.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | aws-cdk-lib.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultCapacity | number | Number of instances to allocate as an initial capacity for this cluster. | | defaultCapacityInstance | aws-cdk-lib.aws_ec2.InstanceType | The instance type to use for the default capacity. | | defaultCapacityType | DefaultCapacityType | The default capacity type for the cluster. | --- ##### \`version\`Required \`\`\`typescript public readonly version: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`typescript public readonly outputClusterName: boolean; \`\`\` - *Type:* boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`typescript public readonly outputConfigCommand: boolean; \`\`\` - *Type:* boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`typescript public readonly securityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`typescript public readonly vpcSubnets: SubnetSelection[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`ts vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`typescript public readonly clusterHandlerEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`typescript public readonly coreDnsComputeType: CoreDnsComputeType; \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`typescript public readonly endpointAccess: EndpointAccess; \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`typescript public readonly kubectlEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`typescript public readonly kubectlLayer: ILayerVersion; \`\`\` - *Type:* aws-cdk-lib.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`ts const layer = new lambda.LayerVersion(this, 'kubectl-layer', { code: lambda.Code.fromAsset(\`\${__dirname}/layer.zip\`)), compatibleRuntimes: [lambda.Runtime.PROVIDED] }) \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`typescript public readonly kubectlMemory: Size; \`\`\` - *Type:* aws-cdk-lib.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`typescript public readonly mastersRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`typescript public readonly outputMastersRoleArn: boolean; \`\`\` - *Type:* boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`typescript public readonly placeClusterHandlerInVpc: boolean; \`\`\` - *Type:* boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`typescript public readonly secretsEncryptionKey: IKey; \`\`\` - *Type:* aws-cdk-lib.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultCapacity\`Optional \`\`\`typescript public readonly defaultCapacity: number; \`\`\` - *Type:* number - *Default:* 2 Number of instances to allocate as an initial capacity for this cluster. Instance type can be configured through \`defaultCapacityInstanceType\`, which defaults to \`m5.large\`. Use \`cluster.addAutoScalingGroupCapacity\` to add additional customized capacity. Set this to \`0\` is you wish to avoid the initial capacity allocation. --- ##### \`defaultCapacityInstance\`Optional \`\`\`typescript public readonly defaultCapacityInstance: InstanceType; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.InstanceType - *Default:* m5.large The instance type to use for the default capacity. This will only be taken into account if \`defaultCapacity\` is > 0. --- ##### \`defaultCapacityType\`Optional \`\`\`typescript public readonly defaultCapacityType: DefaultCapacityType; \`\`\` - *Type:* DefaultCapacityType - *Default:* NODEGROUP The default capacity type for the cluster. --- ### CommonClusterOptions Options for configuring an EKS cluster. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const commonClusterOptions: aws_eks.CommonClusterOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | string | Name for the cluster. | | outputClusterName | boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws-cdk-lib.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | --- ##### \`version\`Required \`\`\`typescript public readonly version: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`typescript public readonly outputClusterName: boolean; \`\`\` - *Type:* boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`typescript public readonly outputConfigCommand: boolean; \`\`\` - *Type:* boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`typescript public readonly securityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`typescript public readonly vpcSubnets: SubnetSelection[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`ts vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ### EksOptimizedImageProps Properties for EksOptimizedImage. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const eksOptimizedImageProps: aws_eks.EksOptimizedImageProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cpuArch | CpuArch | What cpu architecture to retrieve the image for (arm64 or x86_64). | | kubernetesVersion | string | The Kubernetes version to use. | | nodeType | NodeType | What instance type to retrieve the image for (standard or GPU-optimized). | --- ##### \`cpuArch\`Optional \`\`\`typescript public readonly cpuArch: CpuArch; \`\`\` - *Type:* CpuArch - *Default:* CpuArch.X86_64 What cpu architecture to retrieve the image for (arm64 or x86_64). --- ##### \`kubernetesVersion\`Optional \`\`\`typescript public readonly kubernetesVersion: string; \`\`\` - *Type:* string - *Default:* The latest version The Kubernetes version to use. --- ##### \`nodeType\`Optional \`\`\`typescript public readonly nodeType: NodeType; \`\`\` - *Type:* NodeType - *Default:* NodeType.STANDARD What instance type to retrieve the image for (standard or GPU-optimized). --- ### EncryptionConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const encryptionConfigProperty: aws_eks.CfnCluster.EncryptionConfigProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | provider | ProviderProperty \\| aws-cdk-lib.IResolvable | \`CfnCluster.EncryptionConfigProperty.Provider\`. | | resources | string[] | \`CfnCluster.EncryptionConfigProperty.Resources\`. | --- ##### \`provider\`Optional \`\`\`typescript public readonly provider: ProviderProperty | IResolvable; \`\`\` - *Type:* ProviderProperty | aws-cdk-lib.IResolvable \`CfnCluster.EncryptionConfigProperty.Provider\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider) --- ##### \`resources\`Optional \`\`\`typescript public readonly resources: string[]; \`\`\` - *Type:* string[] \`CfnCluster.EncryptionConfigProperty.Resources\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources) --- ### FargateClusterProps Configuration props for EKS Fargate. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const fargateClusterProps: aws_eks.FargateClusterProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | KubernetesVersion | The Kubernetes version to run in the cluster. | | clusterName | string | Name for the cluster. | | outputClusterName | boolean | Determines whether a CloudFormation output with the name of the cluster will be synthesized. | | outputConfigCommand | boolean | Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. | | role | aws-cdk-lib.aws_iam.IRole | Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. | | securityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | Security Group to use for Control Plane ENIs. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which to create the Cluster. | | vpcSubnets | aws-cdk-lib.aws_ec2.SubnetSelection[] | Where to place EKS Control Plane ENIs. | | clusterHandlerEnvironment | {[ key: string ]: string} | Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. | | coreDnsComputeType | CoreDnsComputeType | Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. | | endpointAccess | EndpointAccess | Configure access to the Kubernetes API server endpoint.. | | kubectlEnvironment | {[ key: string ]: string} | Environment variables for the kubectl execution. | | kubectlLayer | aws-cdk-lib.aws_lambda.ILayerVersion | An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. | | kubectlMemory | aws-cdk-lib.Size | Amount of memory to allocate to the provider's lambda function. | | mastersRole | aws-cdk-lib.aws_iam.IRole | An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. | | outputMastersRoleArn | boolean | Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). | | placeClusterHandlerInVpc | boolean | If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. | | prune | boolean | Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. | | secretsEncryptionKey | aws-cdk-lib.aws_kms.IKey | KMS secret for envelope encryption for Kubernetes secrets. | | defaultProfile | FargateProfileOptions | Fargate Profile to create along with the cluster. | --- ##### \`version\`Required \`\`\`typescript public readonly version: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion The Kubernetes version to run in the cluster. --- ##### \`clusterName\`Optional \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string - *Default:* Automatically generated name Name for the cluster. --- ##### \`outputClusterName\`Optional \`\`\`typescript public readonly outputClusterName: boolean; \`\`\` - *Type:* boolean - *Default:* false Determines whether a CloudFormation output with the name of the cluster will be synthesized. --- ##### \`outputConfigCommand\`Optional \`\`\`typescript public readonly outputConfigCommand: boolean; \`\`\` - *Type:* boolean - *Default:* true Determines whether a CloudFormation output with the \`aws eks update-kubeconfig\` command will be synthesized. This command will include the cluster name and, if applicable, the ARN of the masters IAM role. --- ##### \`role\`Optional \`\`\`typescript public readonly role: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* A role is automatically created for you Role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. --- ##### \`securityGroup\`Optional \`\`\`typescript public readonly securityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup - *Default:* A security group is automatically created Security Group to use for Control Plane ENIs. --- ##### \`vpc\`Optional \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc - *Default:* a VPC with default configuration will be created and can be accessed through \`cluster.vpc\`. The VPC in which to create the Cluster. --- ##### \`vpcSubnets\`Optional \`\`\`typescript public readonly vpcSubnets: SubnetSelection[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection[] - *Default:* All public and private subnets Where to place EKS Control Plane ENIs. If you want to create public load balancers, this must include public subnets. For example, to only select private subnets, supply the following: \`\`\`ts vpcSubnets: [ { subnetType: ec2.SubnetType.Private } ] \`\`\` --- ##### \`clusterHandlerEnvironment\`Optional \`\`\`typescript public readonly clusterHandlerEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* No environment variables. Custom environment variables when interacting with the EKS endpoint to manage the cluster lifecycle. --- ##### \`coreDnsComputeType\`Optional \`\`\`typescript public readonly coreDnsComputeType: CoreDnsComputeType; \`\`\` - *Type:* CoreDnsComputeType - *Default:* CoreDnsComputeType.EC2 (for \`FargateCluster\` the default is FARGATE) Controls the "eks.amazonaws.com/compute-type" annotation in the CoreDNS configuration on your cluster to determine which compute type to use for CoreDNS. --- ##### \`endpointAccess\`Optional \`\`\`typescript public readonly endpointAccess: EndpointAccess; \`\`\` - *Type:* EndpointAccess - *Default:* EndpointAccess.PUBLIC_AND_PRIVATE Configure access to the Kubernetes API server endpoint.. > [https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) --- ##### \`kubectlEnvironment\`Optional \`\`\`typescript public readonly kubectlEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* No environment variables. Environment variables for the kubectl execution. Only relevant for kubectl enabled clusters. --- ##### \`kubectlLayer\`Optional \`\`\`typescript public readonly kubectlLayer: ILayerVersion; \`\`\` - *Type:* aws-cdk-lib.aws_lambda.ILayerVersion - *Default:* the layer provided by the \`aws-lambda-layer-kubectl\` SAR app. An AWS Lambda Layer which includes \`kubectl\`, Helm and the AWS CLI. By default, the provider will use the layer included in the "aws-lambda-layer-kubectl" SAR application which is available in all commercial regions. To deploy the layer locally, visit https://github.com/aws-samples/aws-lambda-layer-kubectl/blob/master/cdk/README.md for instructions on how to prepare the .zip file and then define it in your app as follows: \`\`\`ts const layer = new lambda.LayerVersion(this, 'kubectl-layer', { code: lambda.Code.fromAsset(\`\${__dirname}/layer.zip\`)), compatibleRuntimes: [lambda.Runtime.PROVIDED] }) \`\`\` > [https://github.com/aws-samples/aws-lambda-layer-kubectl](https://github.com/aws-samples/aws-lambda-layer-kubectl) --- ##### \`kubectlMemory\`Optional \`\`\`typescript public readonly kubectlMemory: Size; \`\`\` - *Type:* aws-cdk-lib.Size - *Default:* Size.gibibytes(1) Amount of memory to allocate to the provider's lambda function. --- ##### \`mastersRole\`Optional \`\`\`typescript public readonly mastersRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* a role that assumable by anyone with permissions in the same account will automatically be defined An IAM role that will be added to the \`system:masters\` Kubernetes RBAC group. > [https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings) --- ##### \`outputMastersRoleArn\`Optional \`\`\`typescript public readonly outputMastersRoleArn: boolean; \`\`\` - *Type:* boolean - *Default:* false Determines whether a CloudFormation output with the ARN of the "masters" IAM role will be synthesized (if \`mastersRole\` is specified). --- ##### \`placeClusterHandlerInVpc\`Optional \`\`\`typescript public readonly placeClusterHandlerInVpc: boolean; \`\`\` - *Type:* boolean - *Default:* false If set to true, the cluster handler functions will be placed in the private subnets of the cluster vpc, subject to the \`vpcSubnets\` selection strategy. --- ##### \`prune\`Optional \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean - *Default:* true Indicates whether Kubernetes resources added through \`addManifest()\` can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`secretsEncryptionKey\`Optional \`\`\`typescript public readonly secretsEncryptionKey: IKey; \`\`\` - *Type:* aws-cdk-lib.aws_kms.IKey - *Default:* By default, Kubernetes stores all secret object data within etcd and all etcd volumes used by Amazon EKS are encrypted at the disk-level using AWS-Managed encryption keys. KMS secret for envelope encryption for Kubernetes secrets. --- ##### \`defaultProfile\`Optional \`\`\`typescript public readonly defaultProfile: FargateProfileOptions; \`\`\` - *Type:* FargateProfileOptions - *Default:* A profile called "default" with 'default' and 'kube-system' selectors will be created if this is left undefined. Fargate Profile to create along with the cluster. --- ### FargateProfileOptions Options for defining EKS Fargate Profiles. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const fargateProfileOptions: aws_eks.FargateProfileOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | Selector[] | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | string | The name of the Fargate profile. | | podExecutionRole | aws-cdk-lib.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | aws-cdk-lib.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | --- ##### \`selectors\`Required \`\`\`typescript public readonly selectors: Selector[]; \`\`\` - *Type:* Selector[] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional \`\`\`typescript public readonly fargateProfileName: string; \`\`\` - *Type:* string - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional \`\`\`typescript public readonly podExecutionRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional \`\`\`typescript public readonly subnetSelection: SubnetSelection; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ### FargateProfileProps Configuration props for EKS Fargate Profiles. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const fargateProfileProps: aws_eks.FargateProfileProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | selectors | Selector[] | The selectors to match for pods to use this Fargate profile. | | fargateProfileName | string | The name of the Fargate profile. | | podExecutionRole | aws-cdk-lib.aws_iam.IRole | The pod execution role to use for pods that match the selectors in the Fargate profile. | | subnetSelection | aws-cdk-lib.aws_ec2.SubnetSelection | Select which subnets to launch your pods into. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC from which to select subnets to launch your pods into. | | cluster | Cluster | The EKS cluster to apply the Fargate profile to. | --- ##### \`selectors\`Required \`\`\`typescript public readonly selectors: Selector[]; \`\`\` - *Type:* Selector[] The selectors to match for pods to use this Fargate profile. Each selector must have an associated namespace. Optionally, you can also specify labels for a namespace. At least one selector is required and you may specify up to five selectors. --- ##### \`fargateProfileName\`Optional \`\`\`typescript public readonly fargateProfileName: string; \`\`\` - *Type:* string - *Default:* generated The name of the Fargate profile. --- ##### \`podExecutionRole\`Optional \`\`\`typescript public readonly podExecutionRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* a role will be automatically created The pod execution role to use for pods that match the selectors in the Fargate profile. The pod execution role allows Fargate infrastructure to register with your cluster as a node, and it provides read access to Amazon ECR image repositories. > [https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html](https://docs.aws.amazon.com/eks/latest/userguide/pod-execution-role.html) --- ##### \`subnetSelection\`Optional \`\`\`typescript public readonly subnetSelection: SubnetSelection; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection - *Default:* all private subnets of the VPC are selected. Select which subnets to launch your pods into. At this time, pods running on Fargate are not assigned public IP addresses, so only private subnets (with no direct route to an Internet Gateway) are allowed. --- ##### \`vpc\`Optional \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc - *Default:* all private subnets used by theEKS cluster The VPC from which to select subnets to launch your pods into. By default, all private subnets are selected. You can customize this using \`subnetSelection\`. --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: Cluster; \`\`\` - *Type:* Cluster The EKS cluster to apply the Fargate profile to. [disable-awslint:ref-via-interface] --- ### HelmChartOptions Helm Chart options. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const helmChartOptions: aws_eks.HelmChartOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | string | The name of the chart. | | createNamespace | boolean | create namespace if not exist. | | namespace | string | The Kubernetes namespace scope of the requests. | | release | string | The name of the release. | | repository | string | The repository which contains the chart. | | timeout | aws-cdk-lib.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | {[ key: string ]: any} | The values to be used by the chart. | | version | string | The chart version to install. | | wait | boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | --- ##### \`chart\`Required \`\`\`typescript public readonly chart: string; \`\`\` - *Type:* string The name of the chart. --- ##### \`createNamespace\`Optional \`\`\`typescript public readonly createNamespace: boolean; \`\`\` - *Type:* boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`typescript public readonly namespace: string; \`\`\` - *Type:* string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`typescript public readonly release: string; \`\`\` - *Type:* string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`typescript public readonly repository: string; \`\`\` - *Type:* string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`typescript public readonly timeout: Duration; \`\`\` - *Type:* aws-cdk-lib.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`typescript public readonly values: {[ key: string ]: any}; \`\`\` - *Type:* {[ key: string ]: any} - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`typescript public readonly wait: boolean; \`\`\` - *Type:* boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ### HelmChartProps Helm Chart properties. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const helmChartProps: aws_eks.HelmChartProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | chart | string | The name of the chart. | | createNamespace | boolean | create namespace if not exist. | | namespace | string | The Kubernetes namespace scope of the requests. | | release | string | The name of the release. | | repository | string | The repository which contains the chart. | | timeout | aws-cdk-lib.Duration | Amount of time to wait for any individual Kubernetes operation. | | values | {[ key: string ]: any} | The values to be used by the chart. | | version | string | The chart version to install. | | wait | boolean | Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. | | cluster | ICluster | The EKS cluster to apply this configuration to. | --- ##### \`chart\`Required \`\`\`typescript public readonly chart: string; \`\`\` - *Type:* string The name of the chart. --- ##### \`createNamespace\`Optional \`\`\`typescript public readonly createNamespace: boolean; \`\`\` - *Type:* boolean - *Default:* true create namespace if not exist. --- ##### \`namespace\`Optional \`\`\`typescript public readonly namespace: string; \`\`\` - *Type:* string - *Default:* default The Kubernetes namespace scope of the requests. --- ##### \`release\`Optional \`\`\`typescript public readonly release: string; \`\`\` - *Type:* string - *Default:* If no release name is given, it will use the last 53 characters of the node's unique id. The name of the release. --- ##### \`repository\`Optional \`\`\`typescript public readonly repository: string; \`\`\` - *Type:* string - *Default:* No repository will be used, which means that the chart needs to be an absolute URL. The repository which contains the chart. For example: https://kubernetes-charts.storage.googleapis.com/ --- ##### \`timeout\`Optional \`\`\`typescript public readonly timeout: Duration; \`\`\` - *Type:* aws-cdk-lib.Duration - *Default:* Duration.minutes(5) Amount of time to wait for any individual Kubernetes operation. Maximum 15 minutes. --- ##### \`values\`Optional \`\`\`typescript public readonly values: {[ key: string ]: any}; \`\`\` - *Type:* {[ key: string ]: any} - *Default:* No values are provided to the chart. The values to be used by the chart. --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string - *Default:* If this is not specified, the latest version is installed The chart version to install. --- ##### \`wait\`Optional \`\`\`typescript public readonly wait: boolean; \`\`\` - *Type:* boolean - *Default:* Helm will not wait before marking release as successful Whether or not Helm should wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet are in a ready state before marking the release as successful. --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: ICluster; \`\`\` - *Type:* ICluster The EKS cluster to apply this configuration to. [disable-awslint:ref-via-interface] --- ### KubernetesManifestOptions Options for \`KubernetesManifest\`. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const kubernetesManifestOptions: aws_eks.KubernetesManifestOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | boolean | A flag to signify if the manifest validation should be skipped. | --- ##### \`prune\`Optional \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional \`\`\`typescript public readonly skipValidation: boolean; \`\`\` - *Type:* boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ### KubernetesManifestProps Properties for KubernetesManifest. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const kubernetesManifestProps: aws_eks.KubernetesManifestProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | prune | boolean | When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. | | skipValidation | boolean | A flag to signify if the manifest validation should be skipped. | | cluster | ICluster | The EKS cluster to apply this manifest to. | | manifest | {[ key: string ]: any}[] | The manifest to apply. | | overwrite | boolean | Overwrite any existing resources. | --- ##### \`prune\`Optional \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean - *Default:* based on the prune option of the cluster, which is \`true\` unless otherwise specified. When a resource is removed from a Kubernetes manifest, it no longer appears in the manifest, and there is no way to know that this resource needs to be deleted. To address this, \`kubectl apply\` has a \`--prune\` option which will query the cluster for all resources with a specific label and will remove all the labeld resources that are not part of the applied manifest. If this option is disabled and a resource is removed, it will become "orphaned" and will not be deleted from the cluster. When this option is enabled (default), the construct will inject a label to all Kubernetes resources included in this manifest which will be used to prune resources when the manifest changes via \`kubectl apply --prune\`. The label name will be \`aws.cdk.eks/prune-\` where \`\` is the 42-char unique address of this construct in the construct tree. Value is empty. > [https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#alternative-kubectl-apply-f-directory-prune-l-your-label) --- ##### \`skipValidation\`Optional \`\`\`typescript public readonly skipValidation: boolean; \`\`\` - *Type:* boolean - *Default:* false A flag to signify if the manifest validation should be skipped. --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: ICluster; \`\`\` - *Type:* ICluster The EKS cluster to apply this manifest to. [disable-awslint:ref-via-interface] --- ##### \`manifest\`Required \`\`\`typescript public readonly manifest: {[ key: string ]: any}[]; \`\`\` - *Type:* {[ key: string ]: any}[] The manifest to apply. Consists of any number of child resources. When the resources are created/updated, this manifest will be applied to the cluster through \`kubectl apply\` and when the resources or the stack is deleted, the resources in the manifest will be deleted through \`kubectl delete\`. --- *Example* \`\`\`typescript [{ apiVersion: 'v1', kind: 'Pod', metadata: { name: 'mypod' }, spec: { containers: [ { name: 'hello', image: 'paulbouwer/hello-kubernetes:1.5', ports: [ { containerPort: 8080 } ] } ] } }] \`\`\` ##### \`overwrite\`Optional \`\`\`typescript public readonly overwrite: boolean; \`\`\` - *Type:* boolean - *Default:* false Overwrite any existing resources. If this is set, we will use \`kubectl apply\` instead of \`kubectl create\` when the resource is created. Otherwise, if there is already a resource in the cluster with the same name, the operation will fail. --- ### KubernetesNetworkConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const kubernetesNetworkConfigProperty: aws_eks.CfnCluster.KubernetesNetworkConfigProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | serviceIpv4Cidr | string | \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. | --- ##### \`serviceIpv4Cidr\`Optional \`\`\`typescript public readonly serviceIpv4Cidr: string; \`\`\` - *Type:* string \`CfnCluster.KubernetesNetworkConfigProperty.ServiceIpv4Cidr\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr) --- ### KubernetesObjectValueProps Properties for KubernetesObjectValue. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const kubernetesObjectValueProps: aws_eks.KubernetesObjectValueProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | cluster | ICluster | The EKS cluster to fetch attributes from. | | jsonPath | string | JSONPath to the specific value. | | objectName | string | The name of the object to query. | | objectType | string | The object type to query. | | objectNamespace | string | The namespace the object belongs to. | | timeout | aws-cdk-lib.Duration | Timeout for waiting on a value. | --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: ICluster; \`\`\` - *Type:* ICluster The EKS cluster to fetch attributes from. [disable-awslint:ref-via-interface] --- ##### \`jsonPath\`Required \`\`\`typescript public readonly jsonPath: string; \`\`\` - *Type:* string JSONPath to the specific value. > [https://kubernetes.io/docs/reference/kubectl/jsonpath/](https://kubernetes.io/docs/reference/kubectl/jsonpath/) --- ##### \`objectName\`Required \`\`\`typescript public readonly objectName: string; \`\`\` - *Type:* string The name of the object to query. --- ##### \`objectType\`Required \`\`\`typescript public readonly objectType: string; \`\`\` - *Type:* string The object type to query. (e.g 'service', 'pod'...) --- ##### \`objectNamespace\`Optional \`\`\`typescript public readonly objectNamespace: string; \`\`\` - *Type:* string - *Default:* 'default' The namespace the object belongs to. --- ##### \`timeout\`Optional \`\`\`typescript public readonly timeout: Duration; \`\`\` - *Type:* aws-cdk-lib.Duration - *Default:* Duration.minutes(5) Timeout for waiting on a value. --- ### KubernetesPatchProps Properties for KubernetesPatch. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const kubernetesPatchProps: aws_eks.KubernetesPatchProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | applyPatch | {[ key: string ]: any} | The JSON object to pass to \`kubectl patch\` when the resource is created/updated. | | cluster | ICluster | The cluster to apply the patch to. | | resourceName | string | The full name of the resource to patch (e.g. \`deployment/coredns\`). | | restorePatch | {[ key: string ]: any} | The JSON object to pass to \`kubectl patch\` when the resource is removed. | | patchType | PatchType | The patch type to pass to \`kubectl patch\`. | | resourceNamespace | string | The kubernetes API namespace. | --- ##### \`applyPatch\`Required \`\`\`typescript public readonly applyPatch: {[ key: string ]: any}; \`\`\` - *Type:* {[ key: string ]: any} The JSON object to pass to \`kubectl patch\` when the resource is created/updated. --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: ICluster; \`\`\` - *Type:* ICluster The cluster to apply the patch to. [disable-awslint:ref-via-interface] --- ##### \`resourceName\`Required \`\`\`typescript public readonly resourceName: string; \`\`\` - *Type:* string The full name of the resource to patch (e.g. \`deployment/coredns\`). --- ##### \`restorePatch\`Required \`\`\`typescript public readonly restorePatch: {[ key: string ]: any}; \`\`\` - *Type:* {[ key: string ]: any} The JSON object to pass to \`kubectl patch\` when the resource is removed. --- ##### \`patchType\`Optional \`\`\`typescript public readonly patchType: PatchType; \`\`\` - *Type:* PatchType - *Default:* PatchType.STRATEGIC The patch type to pass to \`kubectl patch\`. The default type used by \`kubectl patch\` is "strategic". --- ##### \`resourceNamespace\`Optional \`\`\`typescript public readonly resourceNamespace: string; \`\`\` - *Type:* string - *Default:* "default" The kubernetes API namespace. --- ### LabelProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const labelProperty: aws_eks.CfnFargateProfile.LabelProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | key | string | \`CfnFargateProfile.LabelProperty.Key\`. | | value | string | \`CfnFargateProfile.LabelProperty.Value\`. | --- ##### \`key\`Required \`\`\`typescript public readonly key: string; \`\`\` - *Type:* string \`CfnFargateProfile.LabelProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-key) --- ##### \`value\`Required \`\`\`typescript public readonly value: string; \`\`\` - *Type:* string \`CfnFargateProfile.LabelProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-label.html#cfn-eks-fargateprofile-label-value) --- ### LaunchTemplateSpec Launch template property specification. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const launchTemplateSpec: aws_eks.LaunchTemplateSpec = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | string | The Launch template ID. | | version | string | The launch template version to be used (optional). | --- ##### \`id\`Required \`\`\`typescript public readonly id: string; \`\`\` - *Type:* string The Launch template ID. --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string - *Default:* the default version of the launch template The launch template version to be used (optional). --- ### LaunchTemplateSpecificationProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const launchTemplateSpecificationProperty: aws_eks.CfnNodegroup.LaunchTemplateSpecificationProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | id | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. | | name | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. | | version | string | \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. | --- ##### \`id\`Optional \`\`\`typescript public readonly id: string; \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Id\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-id) --- ##### \`name\`Optional \`\`\`typescript public readonly name: string; \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Name\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-name) --- ##### \`version\`Optional \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string \`CfnNodegroup.LaunchTemplateSpecificationProperty.Version\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-launchtemplatespecification.html#cfn-eks-nodegroup-launchtemplatespecification-version) --- ### NodegroupOptions The Nodegroup Options for addNodeGroup() method. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const nodegroupOptions: aws_eks.NodegroupOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | number | The current number of worker nodes that the managed node group should maintain. | | diskSize | number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceTypes | aws-cdk-lib.aws_ec2.InstanceType[] | The instance types to use for your node group. | | labels | {[ key: string ]: string} | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | string | Name of the Nodegroup. | | nodeRole | aws-cdk-lib.aws_iam.IRole | The IAM role to associate with your node group. | | releaseVersion | string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | aws-cdk-lib.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | {[ key: string ]: string} | The metadata to apply to the node group to assist with categorization and organization. | --- ##### \`amiType\`Optional \`\`\`typescript public readonly amiType: NodegroupAmiType; \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional \`\`\`typescript public readonly capacityType: CapacityType; \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional \`\`\`typescript public readonly desiredSize: number; \`\`\` - *Type:* number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional \`\`\`typescript public readonly diskSize: number; \`\`\` - *Type:* number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional \`\`\`typescript public readonly forceUpdate: boolean; \`\`\` - *Type:* boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instanceTypes\`Optional \`\`\`typescript public readonly instanceTypes: InstanceType[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.InstanceType[] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`typescript public readonly labels: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional \`\`\`typescript public readonly launchTemplateSpec: LaunchTemplateSpec; \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional \`\`\`typescript public readonly maxSize: number; \`\`\` - *Type:* number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional \`\`\`typescript public readonly minSize: number; \`\`\` - *Type:* number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional \`\`\`typescript public readonly nodegroupName: string; \`\`\` - *Type:* string - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional \`\`\`typescript public readonly nodeRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional \`\`\`typescript public readonly releaseVersion: string; \`\`\` - *Type:* string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional \`\`\`typescript public readonly remoteAccess: NodegroupRemoteAccess; \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`typescript public readonly subnets: SubnetSelection; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ### NodegroupProps NodeGroup properties interface. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const nodegroupProps: aws_eks.NodegroupProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | amiType | NodegroupAmiType | The AMI type for your node group. | | capacityType | CapacityType | The capacity type of the nodegroup. | | desiredSize | number | The current number of worker nodes that the managed node group should maintain. | | diskSize | number | The root device disk size (in GiB) for your node group instances. | | forceUpdate | boolean | Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. | | instanceTypes | aws-cdk-lib.aws_ec2.InstanceType[] | The instance types to use for your node group. | | labels | {[ key: string ]: string} | The Kubernetes labels to be applied to the nodes in the node group when they are created. | | launchTemplateSpec | LaunchTemplateSpec | Launch template specification used for the nodegroup. | | maxSize | number | The maximum number of worker nodes that the managed node group can scale out to. | | minSize | number | The minimum number of worker nodes that the managed node group can scale in to. | | nodegroupName | string | Name of the Nodegroup. | | nodeRole | aws-cdk-lib.aws_iam.IRole | The IAM role to associate with your node group. | | releaseVersion | string | The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). | | remoteAccess | NodegroupRemoteAccess | The remote access (SSH) configuration to use with your node group. | | subnets | aws-cdk-lib.aws_ec2.SubnetSelection | The subnets to use for the Auto Scaling group that is created for your node group. | | tags | {[ key: string ]: string} | The metadata to apply to the node group to assist with categorization and organization. | | cluster | ICluster | Cluster resource. | --- ##### \`amiType\`Optional \`\`\`typescript public readonly amiType: NodegroupAmiType; \`\`\` - *Type:* NodegroupAmiType - *Default:* auto-determined from the instanceTypes property. The AMI type for your node group. --- ##### \`capacityType\`Optional \`\`\`typescript public readonly capacityType: CapacityType; \`\`\` - *Type:* CapacityType - *Default:* ON_DEMAND The capacity type of the nodegroup. --- ##### \`desiredSize\`Optional \`\`\`typescript public readonly desiredSize: number; \`\`\` - *Type:* number - *Default:* 2 The current number of worker nodes that the managed node group should maintain. If not specified, the nodewgroup will initially create \`minSize\` instances. --- ##### \`diskSize\`Optional \`\`\`typescript public readonly diskSize: number; \`\`\` - *Type:* number - *Default:* 20 The root device disk size (in GiB) for your node group instances. --- ##### \`forceUpdate\`Optional \`\`\`typescript public readonly forceUpdate: boolean; \`\`\` - *Type:* boolean - *Default:* true Force the update if the existing node group's pods are unable to be drained due to a pod disruption budget issue. If an update fails because pods could not be drained, you can force the update after it fails to terminate the old node whether or not any pods are running on the node. --- ##### \`instanceTypes\`Optional \`\`\`typescript public readonly instanceTypes: InstanceType[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.InstanceType[] - *Default:* t3.medium will be used according to the cloudformation document. The instance types to use for your node group. > [- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes](- https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-nodegroup.html#cfn-eks-nodegroup-instancetypes) --- ##### \`labels\`Optional \`\`\`typescript public readonly labels: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* None The Kubernetes labels to be applied to the nodes in the node group when they are created. --- ##### \`launchTemplateSpec\`Optional \`\`\`typescript public readonly launchTemplateSpec: LaunchTemplateSpec; \`\`\` - *Type:* LaunchTemplateSpec - *Default:* no launch template Launch template specification used for the nodegroup. > [- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html](- https://docs.aws.amazon.com/eks/latest/userguide/launch-templates.html) --- ##### \`maxSize\`Optional \`\`\`typescript public readonly maxSize: number; \`\`\` - *Type:* number - *Default:* desiredSize The maximum number of worker nodes that the managed node group can scale out to. Managed node groups can support up to 100 nodes by default. --- ##### \`minSize\`Optional \`\`\`typescript public readonly minSize: number; \`\`\` - *Type:* number - *Default:* 1 The minimum number of worker nodes that the managed node group can scale in to. This number must be greater than zero. --- ##### \`nodegroupName\`Optional \`\`\`typescript public readonly nodegroupName: string; \`\`\` - *Type:* string - *Default:* resource ID Name of the Nodegroup. --- ##### \`nodeRole\`Optional \`\`\`typescript public readonly nodeRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole - *Default:* None. Auto-generated if not specified. The IAM role to associate with your node group. The Amazon EKS worker node kubelet daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. --- ##### \`releaseVersion\`Optional \`\`\`typescript public readonly releaseVersion: string; \`\`\` - *Type:* string - *Default:* The latest available AMI version for the node group's current Kubernetes version is used. The AMI version of the Amazon EKS-optimized AMI to use with your node group (for example, \`1.14.7-YYYYMMDD\`). --- ##### \`remoteAccess\`Optional \`\`\`typescript public readonly remoteAccess: NodegroupRemoteAccess; \`\`\` - *Type:* NodegroupRemoteAccess - *Default:* disabled The remote access (SSH) configuration to use with your node group. Disabled by default, however, if you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0) --- ##### \`subnets\`Optional \`\`\`typescript public readonly subnets: SubnetSelection; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.SubnetSelection - *Default:* private subnets The subnets to use for the Auto Scaling group that is created for your node group. By specifying the SubnetSelection, the selected subnets will automatically apply required tags i.e. \`kubernetes.io/cluster/CLUSTER_NAME\` with a value of \`shared\`, where \`CLUSTER_NAME\` is replaced with the name of your cluster. --- ##### \`tags\`Optional \`\`\`typescript public readonly tags: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* None The metadata to apply to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets. --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: ICluster; \`\`\` - *Type:* ICluster Cluster resource. --- ### NodegroupRemoteAccess The remote access (SSH) configuration to use with your node group. > [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const nodegroupRemoteAccess: aws_eks.NodegroupRemoteAccess = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | sshKeyName | string | The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. | | sourceSecurityGroups | aws-cdk-lib.aws_ec2.ISecurityGroup[] | The security groups that are allowed SSH access (port 22) to the worker nodes. | --- ##### \`sshKeyName\`Required \`\`\`typescript public readonly sshKeyName: string; \`\`\` - *Type:* string The Amazon EC2 SSH key that provides access for SSH communication with the worker nodes in the managed node group. --- ##### \`sourceSecurityGroups\`Optional \`\`\`typescript public readonly sourceSecurityGroups: ISecurityGroup[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup[] - *Default:* port 22 on the worker nodes is opened to the internet (0.0.0.0/0) The security groups that are allowed SSH access (port 22) to the worker nodes. If you specify an Amazon EC2 SSH key but do not specify a source security group when you create a managed node group, then port 22 on the worker nodes is opened to the internet (0.0.0.0/0). --- ### OpenIdConnectProviderProps Initialization properties for \`OpenIdConnectProvider\`. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const openIdConnectProviderProps: aws_eks.OpenIdConnectProviderProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | url | string | The URL of the identity provider. | --- ##### \`url\`Required \`\`\`typescript public readonly url: string; \`\`\` - *Type:* string The URL of the identity provider. The URL must begin with https:// and should correspond to the iss claim in the provider's OpenID Connect ID tokens. Per the OIDC standard, path components are allowed but query parameters are not. Typically the URL consists of only a hostname, like https://server.example.org or https://example.com. You can find your OIDC Issuer URL by: aws eks describe-cluster --name %cluster_name% --query "cluster.identity.oidc.issuer" --output text --- ### ProviderProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const providerProperty: aws_eks.CfnCluster.ProviderProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | keyArn | string | \`CfnCluster.ProviderProperty.KeyArn\`. | --- ##### \`keyArn\`Optional \`\`\`typescript public readonly keyArn: string; \`\`\` - *Type:* string \`CfnCluster.ProviderProperty.KeyArn\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn) --- ### RemoteAccessProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const remoteAccessProperty: aws_eks.CfnNodegroup.RemoteAccessProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | ec2SshKey | string | \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. | | sourceSecurityGroups | string[] | \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. | --- ##### \`ec2SshKey\`Required \`\`\`typescript public readonly ec2SshKey: string; \`\`\` - *Type:* string \`CfnNodegroup.RemoteAccessProperty.Ec2SshKey\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-ec2sshkey) --- ##### \`sourceSecurityGroups\`Optional \`\`\`typescript public readonly sourceSecurityGroups: string[]; \`\`\` - *Type:* string[] \`CfnNodegroup.RemoteAccessProperty.SourceSecurityGroups\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-remoteaccess.html#cfn-eks-nodegroup-remoteaccess-sourcesecuritygroups) --- ### ResourcesVpcConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const resourcesVpcConfigProperty: aws_eks.CfnCluster.ResourcesVpcConfigProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | subnetIds | string[] | \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. | | securityGroupIds | string[] | \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. | --- ##### \`subnetIds\`Required \`\`\`typescript public readonly subnetIds: string[]; \`\`\` - *Type:* string[] \`CfnCluster.ResourcesVpcConfigProperty.SubnetIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids) --- ##### \`securityGroupIds\`Optional \`\`\`typescript public readonly securityGroupIds: string[]; \`\`\` - *Type:* string[] \`CfnCluster.ResourcesVpcConfigProperty.SecurityGroupIds\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids) --- ### ScalingConfigProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const scalingConfigProperty: aws_eks.CfnNodegroup.ScalingConfigProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | desiredSize | number | \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. | | maxSize | number | \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. | | minSize | number | \`CfnNodegroup.ScalingConfigProperty.MinSize\`. | --- ##### \`desiredSize\`Optional \`\`\`typescript public readonly desiredSize: number; \`\`\` - *Type:* number \`CfnNodegroup.ScalingConfigProperty.DesiredSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-desiredsize) --- ##### \`maxSize\`Optional \`\`\`typescript public readonly maxSize: number; \`\`\` - *Type:* number \`CfnNodegroup.ScalingConfigProperty.MaxSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-maxsize) --- ##### \`minSize\`Optional \`\`\`typescript public readonly minSize: number; \`\`\` - *Type:* number \`CfnNodegroup.ScalingConfigProperty.MinSize\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-scalingconfig.html#cfn-eks-nodegroup-scalingconfig-minsize) --- ### Selector Fargate profile selector. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const selector: aws_eks.Selector = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | string | The Kubernetes namespace that the selector should match. | | labels | {[ key: string ]: string} | The Kubernetes labels that the selector should match. | --- ##### \`namespace\`Required \`\`\`typescript public readonly namespace: string; \`\`\` - *Type:* string The Kubernetes namespace that the selector should match. You must specify a namespace for a selector. The selector only matches pods that are created in this namespace, but you can create multiple selectors to target multiple namespaces. --- ##### \`labels\`Optional \`\`\`typescript public readonly labels: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} - *Default:* all pods within the namespace will be selected. The Kubernetes labels that the selector should match. A pod must contain all of the labels that are specified in the selector for it to be considered a match. --- ### SelectorProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const selectorProperty: aws_eks.CfnFargateProfile.SelectorProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | string | \`CfnFargateProfile.SelectorProperty.Namespace\`. | | labels | aws-cdk-lib.IResolvable \\| LabelProperty \\| aws-cdk-lib.IResolvable[] | \`CfnFargateProfile.SelectorProperty.Labels\`. | --- ##### \`namespace\`Required \`\`\`typescript public readonly namespace: string; \`\`\` - *Type:* string \`CfnFargateProfile.SelectorProperty.Namespace\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-namespace) --- ##### \`labels\`Optional \`\`\`typescript public readonly labels: IResolvable | LabelProperty | IResolvable[]; \`\`\` - *Type:* aws-cdk-lib.IResolvable | LabelProperty | aws-cdk-lib.IResolvable[] \`CfnFargateProfile.SelectorProperty.Labels\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-fargateprofile-selector.html#cfn-eks-fargateprofile-selector-labels) --- ### ServiceAccountOptions Options for \`ServiceAccount\`. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const serviceAccountOptions: aws_eks.ServiceAccountOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | string | The name of the service account. | | namespace | string | The namespace of the service account. | --- ##### \`name\`Optional \`\`\`typescript public readonly name: string; \`\`\` - *Type:* string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`typescript public readonly namespace: string; \`\`\` - *Type:* string - *Default:* "default" The namespace of the service account. --- ### ServiceAccountProps Properties for defining service accounts. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const serviceAccountProps: aws_eks.ServiceAccountProps = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | name | string | The name of the service account. | | namespace | string | The namespace of the service account. | | cluster | ICluster | The cluster to apply the patch to. | --- ##### \`name\`Optional \`\`\`typescript public readonly name: string; \`\`\` - *Type:* string - *Default:* If no name is given, it will use the id of the resource. The name of the service account. --- ##### \`namespace\`Optional \`\`\`typescript public readonly namespace: string; \`\`\` - *Type:* string - *Default:* "default" The namespace of the service account. --- ##### \`cluster\`Required \`\`\`typescript public readonly cluster: ICluster; \`\`\` - *Type:* ICluster The cluster to apply the patch to. --- ### ServiceLoadBalancerAddressOptions Options for fetching a ServiceLoadBalancerAddress. #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const serviceLoadBalancerAddressOptions: aws_eks.ServiceLoadBalancerAddressOptions = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | namespace | string | The namespace the service belongs to. | | timeout | aws-cdk-lib.Duration | Timeout for waiting on the load balancer address. | --- ##### \`namespace\`Optional \`\`\`typescript public readonly namespace: string; \`\`\` - *Type:* string - *Default:* 'default' The namespace the service belongs to. --- ##### \`timeout\`Optional \`\`\`typescript public readonly timeout: Duration; \`\`\` - *Type:* aws-cdk-lib.Duration - *Default:* Duration.minutes(5) Timeout for waiting on the load balancer address. --- ### TaintProperty > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html) #### Initializer \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' const taintProperty: aws_eks.CfnNodegroup.TaintProperty = { ... } \`\`\` #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | effect | string | \`CfnNodegroup.TaintProperty.Effect\`. | | key | string | \`CfnNodegroup.TaintProperty.Key\`. | | value | string | \`CfnNodegroup.TaintProperty.Value\`. | --- ##### \`effect\`Optional \`\`\`typescript public readonly effect: string; \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Effect\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-effect) --- ##### \`key\`Optional \`\`\`typescript public readonly key: string; \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Key\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-key) --- ##### \`value\`Optional \`\`\`typescript public readonly value: string; \`\`\` - *Type:* string \`CfnNodegroup.TaintProperty.Value\`. > [http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-nodegroup-taint.html#cfn-eks-nodegroup-taint-value) --- ## Classes ### EksOptimizedImage - *Implements:* aws-cdk-lib.aws_ec2.IMachineImage Construct an Amazon Linux 2 image from the latest EKS Optimized AMI published in SSM. #### Initializers \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' new aws_eks.EksOptimizedImage(props?: EksOptimizedImageProps) \`\`\` | **Name** | **Type** | **Description** | | --- | --- | --- | | props | EksOptimizedImageProps | *No description.* | --- ##### \`props\`Optional - *Type:* EksOptimizedImageProps --- #### Methods | **Name** | **Description** | | --- | --- | | getImage | Return the correct image. | --- ##### \`getImage\` \`\`\`typescript public getImage(scope: Construct): MachineImageConfig \`\`\` Return the correct image. ###### \`scope\`Required - *Type:* constructs.Construct --- ### EndpointAccess Endpoint access characteristics. #### Methods | **Name** | **Description** | | --- | --- | | onlyFrom | Restrict public access to specific CIDR blocks. | --- ##### \`onlyFrom\` \`\`\`typescript public onlyFrom(cidr: string): EndpointAccess \`\`\` Restrict public access to specific CIDR blocks. If public access is disabled, this method will result in an error. ###### \`cidr\`Required - *Type:* string CIDR blocks. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | PRIVATE | EndpointAccess | The cluster endpoint is only accessible through your VPC. | | PUBLIC | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | | PUBLIC_AND_PRIVATE | EndpointAccess | The cluster endpoint is accessible from outside of your VPC. | --- ##### \`PRIVATE\`Required \`\`\`typescript public readonly PRIVATE: EndpointAccess; \`\`\` - *Type:* EndpointAccess The cluster endpoint is only accessible through your VPC. Worker node traffic to the endpoint will stay within your VPC. --- ##### \`PUBLIC\`Required \`\`\`typescript public readonly PUBLIC: EndpointAccess; \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic will leave your VPC to connect to the endpoint. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ##### \`PUBLIC_AND_PRIVATE\`Required \`\`\`typescript public readonly PUBLIC_AND_PRIVATE: EndpointAccess; \`\`\` - *Type:* EndpointAccess The cluster endpoint is accessible from outside of your VPC. Worker node traffic to the endpoint will stay within your VPC. By default, the endpoint is exposed to all adresses. You can optionally limit the CIDR blocks that can access the public endpoint using the \`PUBLIC_AND_PRIVATE.onlyFrom\` method. If you limit access to specific CIDR blocks, you must ensure that the CIDR blocks that you specify include the addresses that worker nodes and Fargate pods (if you use them) access the public endpoint from. --- ### KubernetesVersion Kubernetes cluster version. #### Static Functions | **Name** | **Description** | | --- | --- | | of | Custom cluster version. | --- ##### \`of\` \`\`\`typescript import { aws_eks } from 'aws-cdk-lib' aws_eks.KubernetesVersion.of(version: string) \`\`\` Custom cluster version. ###### \`version\`Required - *Type:* string custom version number. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | version | string | cluster version number. | --- ##### \`version\`Required \`\`\`typescript public readonly version: string; \`\`\` - *Type:* string cluster version number. --- #### Constants | **Name** | **Type** | **Description** | | --- | --- | --- | | V1_14 | KubernetesVersion | Kubernetes version 1.14. | | V1_15 | KubernetesVersion | Kubernetes version 1.15. | | V1_16 | KubernetesVersion | Kubernetes version 1.16. | | V1_17 | KubernetesVersion | Kubernetes version 1.17. | | V1_18 | KubernetesVersion | Kubernetes version 1.18. | | V1_19 | KubernetesVersion | Kubernetes version 1.19. | --- ##### \`V1_14\`Required \`\`\`typescript public readonly V1_14: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.14. --- ##### \`V1_15\`Required \`\`\`typescript public readonly V1_15: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.15. --- ##### \`V1_16\`Required \`\`\`typescript public readonly V1_16: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.16. --- ##### \`V1_17\`Required \`\`\`typescript public readonly V1_17: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.17. --- ##### \`V1_18\`Required \`\`\`typescript public readonly V1_18: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.18. --- ##### \`V1_19\`Required \`\`\`typescript public readonly V1_19: KubernetesVersion; \`\`\` - *Type:* KubernetesVersion Kubernetes version 1.19. --- ## Protocols ### ICluster - *Extends:* aws-cdk-lib.IResource, aws-cdk-lib.aws_ec2.IConnectable - *Implemented By:* Cluster, FargateCluster, ICluster An EKS cluster. #### Methods | **Name** | **Description** | | --- | --- | | addCdk8sChart | Defines a CDK8s chart in this cluster. | | addHelmChart | Defines a Helm chart in this cluster. | | addManifest | Defines a Kubernetes resource in this cluster. | | addServiceAccount | Creates a new service account with corresponding IAM Role (IRSA). | --- ##### \`addCdk8sChart\` \`\`\`typescript public addCdk8sChart(id: string, chart: Construct): KubernetesManifest \`\`\` Defines a CDK8s chart in this cluster. ###### \`id\`Required - *Type:* string logical id of this chart. --- ###### \`chart\`Required - *Type:* constructs.Construct the cdk8s chart. --- ##### \`addHelmChart\` \`\`\`typescript public addHelmChart(id: string, options: HelmChartOptions): HelmChart \`\`\` Defines a Helm chart in this cluster. ###### \`id\`Required - *Type:* string logical id of this chart. --- ###### \`options\`Required - *Type:* HelmChartOptions options of this chart. --- ##### \`addManifest\` \`\`\`typescript public addManifest(id: string, manifest: {[ key: string ]: any}): KubernetesManifest \`\`\` Defines a Kubernetes resource in this cluster. The manifest will be applied/deleted using kubectl as needed. ###### \`id\`Required - *Type:* string logical id of this manifest. --- ###### \`manifest\`Required - *Type:* {[ key: string ]: any} a list of Kubernetes resource specifications. --- ##### \`addServiceAccount\` \`\`\`typescript public addServiceAccount(id: string, options?: ServiceAccountOptions): ServiceAccount \`\`\` Creates a new service account with corresponding IAM Role (IRSA). ###### \`id\`Required - *Type:* string logical id of service account. --- ###### \`options\`Optional - *Type:* ServiceAccountOptions service account options. --- #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | | stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | | connections | aws-cdk-lib.aws_ec2.Connections | *No description.* | | clusterArn | string | The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. | | clusterCertificateAuthorityData | string | The certificate-authority-data for your cluster. | | clusterEncryptionConfigKeyArn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). | | clusterEndpoint | string | The API Server endpoint URL. | | clusterName | string | The physical name of the Cluster. | | clusterSecurityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | The cluster security group that was created by Amazon EKS for the cluster. | | clusterSecurityGroupId | string | The id of the cluster security group that was created by Amazon EKS for the cluster. | | openIdConnectProvider | aws-cdk-lib.aws_iam.IOpenIdConnectProvider | The Open ID Connect Provider of the cluster used to configure Service Accounts. | | prune | boolean | Indicates whether Kubernetes resources can be automatically pruned. | | vpc | aws-cdk-lib.aws_ec2.IVpc | The VPC in which this Cluster was created. | | kubectlEnvironment | {[ key: string ]: string} | Custom environment variables when running \`kubectl\` against this cluster. | | kubectlLayer | aws-cdk-lib.aws_lambda.ILayerVersion | An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. | | kubectlMemory | aws-cdk-lib.Size | Amount of memory to allocate to the provider's lambda function. | | kubectlPrivateSubnets | aws-cdk-lib.aws_ec2.ISubnet[] | Subnets to host the \`kubectl\` compute resources. | | kubectlRole | aws-cdk-lib.aws_iam.IRole | An IAM role that can perform kubectl operations against this cluster. | | kubectlSecurityGroup | aws-cdk-lib.aws_ec2.ISecurityGroup | A security group to use for \`kubectl\` execution. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* aws-cdk-lib.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this resource is defined. --- ##### \`connections\`Required \`\`\`typescript public readonly connections: Connections; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.Connections --- ##### \`clusterArn\`Required \`\`\`typescript public readonly clusterArn: string; \`\`\` - *Type:* string The unique ARN assigned to the service by AWS in the form of arn:aws:eks:. --- ##### \`clusterCertificateAuthorityData\`Required \`\`\`typescript public readonly clusterCertificateAuthorityData: string; \`\`\` - *Type:* string The certificate-authority-data for your cluster. --- ##### \`clusterEncryptionConfigKeyArn\`Required \`\`\`typescript public readonly clusterEncryptionConfigKeyArn: string; \`\`\` - *Type:* string Amazon Resource Name (ARN) or alias of the customer master key (CMK). --- ##### \`clusterEndpoint\`Required \`\`\`typescript public readonly clusterEndpoint: string; \`\`\` - *Type:* string The API Server endpoint URL. --- ##### \`clusterName\`Required \`\`\`typescript public readonly clusterName: string; \`\`\` - *Type:* string The physical name of the Cluster. --- ##### \`clusterSecurityGroup\`Required \`\`\`typescript public readonly clusterSecurityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup The cluster security group that was created by Amazon EKS for the cluster. --- ##### \`clusterSecurityGroupId\`Required \`\`\`typescript public readonly clusterSecurityGroupId: string; \`\`\` - *Type:* string The id of the cluster security group that was created by Amazon EKS for the cluster. --- ##### \`openIdConnectProvider\`Required \`\`\`typescript public readonly openIdConnectProvider: IOpenIdConnectProvider; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IOpenIdConnectProvider The Open ID Connect Provider of the cluster used to configure Service Accounts. --- ##### \`prune\`Required \`\`\`typescript public readonly prune: boolean; \`\`\` - *Type:* boolean Indicates whether Kubernetes resources can be automatically pruned. When this is enabled (default), prune labels will be allocated and injected to each resource. These labels will then be used when issuing the \`kubectl apply\` operation with the \`--prune\` switch. --- ##### \`vpc\`Required \`\`\`typescript public readonly vpc: IVpc; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.IVpc The VPC in which this Cluster was created. --- ##### \`kubectlEnvironment\`Optional \`\`\`typescript public readonly kubectlEnvironment: {[ key: string ]: string}; \`\`\` - *Type:* {[ key: string ]: string} Custom environment variables when running \`kubectl\` against this cluster. --- ##### \`kubectlLayer\`Optional \`\`\`typescript public readonly kubectlLayer: ILayerVersion; \`\`\` - *Type:* aws-cdk-lib.aws_lambda.ILayerVersion An AWS Lambda layer that includes \`kubectl\`, \`helm\` and the \`aws\` CLI. If not defined, a default layer will be used. --- ##### \`kubectlMemory\`Optional \`\`\`typescript public readonly kubectlMemory: Size; \`\`\` - *Type:* aws-cdk-lib.Size Amount of memory to allocate to the provider's lambda function. --- ##### \`kubectlPrivateSubnets\`Optional \`\`\`typescript public readonly kubectlPrivateSubnets: ISubnet[]; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISubnet[] Subnets to host the \`kubectl\` compute resources. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ##### \`kubectlRole\`Optional \`\`\`typescript public readonly kubectlRole: IRole; \`\`\` - *Type:* aws-cdk-lib.aws_iam.IRole An IAM role that can perform kubectl operations against this cluster. The role should be mapped to the \`system:masters\` Kubernetes RBAC role. --- ##### \`kubectlSecurityGroup\`Optional \`\`\`typescript public readonly kubectlSecurityGroup: ISecurityGroup; \`\`\` - *Type:* aws-cdk-lib.aws_ec2.ISecurityGroup A security group to use for \`kubectl\` execution. If this is undefined, the k8s endpoint is expected to be accessible publicly. --- ### INodegroup - *Extends:* aws-cdk-lib.IResource - *Implemented By:* Nodegroup, INodegroup NodeGroup interface. #### Properties | **Name** | **Type** | **Description** | | --- | --- | --- | | node | constructs.Node | The tree node. | | env | aws-cdk-lib.ResourceEnvironment | The environment this resource belongs to. | | stack | aws-cdk-lib.Stack | The stack in which this resource is defined. | | nodegroupName | string | Name of the nodegroup. | --- ##### \`node\`Required \`\`\`typescript public readonly node: Node; \`\`\` - *Type:* constructs.Node The tree node. --- ##### \`env\`Required \`\`\`typescript public readonly env: ResourceEnvironment; \`\`\` - *Type:* aws-cdk-lib.ResourceEnvironment The environment this resource belongs to. For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into. --- ##### \`stack\`Required \`\`\`typescript public readonly stack: Stack; \`\`\` - *Type:* aws-cdk-lib.Stack The stack in which this resource is defined. --- ##### \`nodegroupName\`Required \`\`\`typescript public readonly nodegroupName: string; \`\`\` - *Type:* string Name of the nodegroup. --- ## Enums ### CapacityType Capacity type of the managed node group. #### Members | **Name** | **Description** | | --- | --- | | SPOT | spot instances. | | ON_DEMAND | on-demand instances. | --- ##### \`SPOT\` spot instances. --- ##### \`ON_DEMAND\` on-demand instances. --- ### CoreDnsComputeType The type of compute resources to use for CoreDNS. #### Members | **Name** | **Description** | | --- | --- | | EC2 | Deploy CoreDNS on EC2 instances. | | FARGATE | Deploy CoreDNS on Fargate-managed instances. | --- ##### \`EC2\` Deploy CoreDNS on EC2 instances. --- ##### \`FARGATE\` Deploy CoreDNS on Fargate-managed instances. --- ### CpuArch CPU architecture. #### Members | **Name** | **Description** | | --- | --- | | ARM_64 | arm64 CPU type. | | X86_64 | x86_64 CPU type. | --- ##### \`ARM_64\` arm64 CPU type. --- ##### \`X86_64\` x86_64 CPU type. --- ### DefaultCapacityType The default capacity type for the cluster. #### Members | **Name** | **Description** | | --- | --- | | NODEGROUP | managed node group. | | EC2 | EC2 autoscaling group. | --- ##### \`NODEGROUP\` managed node group. --- ##### \`EC2\` EC2 autoscaling group. --- ### MachineImageType The machine image type. #### Members | **Name** | **Description** | | --- | --- | | AMAZON_LINUX_2 | Amazon EKS-optimized Linux AMI. | | BOTTLEROCKET | Bottlerocket AMI. | --- ##### \`AMAZON_LINUX_2\` Amazon EKS-optimized Linux AMI. --- ##### \`BOTTLEROCKET\` Bottlerocket AMI. --- ### NodegroupAmiType The AMI type for your node group. GPU instance types should use the \`AL2_x86_64_GPU\` AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the \`AL2_x86_64\` AMI type, which uses the Amazon EKS-optimized Linux AMI. #### Members | **Name** | **Description** | | --- | --- | | AL2_X86_64 | Amazon Linux 2 (x86-64). | | AL2_X86_64_GPU | Amazon Linux 2 with GPU support. | | AL2_ARM_64 | Amazon Linux 2 (ARM-64). | --- ##### \`AL2_X86_64\` Amazon Linux 2 (x86-64). --- ##### \`AL2_X86_64_GPU\` Amazon Linux 2 with GPU support. --- ##### \`AL2_ARM_64\` Amazon Linux 2 (ARM-64). --- ### NodeType Whether the worker nodes should support GPU or just standard instances. #### Members | **Name** | **Description** | | --- | --- | | STANDARD | Standard instances. | | GPU | GPU instances. | | INFERENTIA | Inferentia instances. | --- ##### \`STANDARD\` Standard instances. --- ##### \`GPU\` GPU instances. --- ##### \`INFERENTIA\` Inferentia instances. --- ### PatchType Values for \`kubectl patch\` --type argument. #### Members | **Name** | **Description** | | --- | --- | | JSON | JSON Patch, RFC 6902. | | MERGE | JSON Merge patch. | | STRATEGIC | Strategic merge patch. | --- ##### \`JSON\` JSON Patch, RFC 6902. --- ##### \`MERGE\` JSON Merge patch. --- ##### \`STRATEGIC\` Strategic merge patch. --- " `;